Insufficiently Protected Credentials Vulnerability in HomeLYnk and spaceLYnk by Schneider Electric
CVE-2021-22737

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Homelynk (wiser For Knx) And Spacelynk V2.60 And Prior
Vendor: CVE Published:; 26 May 2021

Summary

A vulnerability in HomeLYnk (Wiser For KNX) and spaceLYnk versions up to V2.60 allows attackers to gain unauthorized access due to insufficient protection of credentials. This could be exploited through brute force attack techniques, resulting in potential security breaches. Users are advised to implement stronger security measures and keep their software updated to mitigate such risks.

Affected Version(s)

homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 26, 2021
Vulnerability Reserved
Jan 6, 2021