Cross-Site Scripting Vulnerability in Schneider Electric SpaceLYnk and Wiser for KNX
CVE-2022-22812

6.1MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Spacelynk (v2.6.2 And Prior), Wiser For Knx (formerly Homelynk) (v2.6.2 And Prior), Fellerlynk (v2.6.2 And Prior)
Vendor: CVE Published:; 9 February 2022

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2022-22812?

A Cross-Site Scripting (XSS) vulnerability exists in Schneider Electric's spaceLYnk, Wiser for KNX, and fellerLYnk products, allowing attackers to inject arbitrary JavaScript code. This vulnerability can enable unauthorized access to web sessions, compromising sensitive information and user interactions in affected versions (V2.6.2 and prior). It is crucial for users of these products to implement security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2022
Vulnerability Reserved
Jan 7, 2022