CVE-2021-22733

Published: May 26, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder.

Affected (2)

Products: Schneider Electric: Spacelynk Firmware, Homelynk Firmware

Schneider Electric

2 products

Spacelynk Firmware

Homelynk Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Spacelynk Firmware	Up to 2.6.0

Running on/with	Platform Versions
Schneider Electric Spacelynk	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Homelynk Firmware	Up to 2.6.0

Running on/with	Platform Versions
Schneider Electric Homelynk	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04

Source: cybersecurity@se.com

Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.