Auth bypass in Schneider-electric Fellerlynk
CVE-2022-22809
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Produc…
Vulnerability class: Broken Authentication
EPSS: 0.008 (50.8th percentile).
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.
Affected products
- Schneider-electric Fellerlynk
- Schneider-electric Fellerlynk_firmware
- Schneider-electric Spacelynk
- Schneider-electric Spacelynk_firmware
- Schneider-electric Wiser_for_knx
- Schneider-electric Wiser_for_knx_firmware
- Affected versions: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
Weakness classification (CWE)
References
- cybersecurity@se.com (Patch, Vendor Advisory)
Frequently asked questions
- What is CVE-2022-22809?
  CVE-2022-22809 is a medium-severity vulnerability in Schneider-electric Fellerlynk, classified under Missing Authentication for Critical Function. CVSS score: 5.3/10. Published 2022-02-09.
- How severe is CVE-2022-22809?
  Medium severity. CVSS v3 base score is 5.3 out of 10.