CVE-2022-32514

Name of the Vulnerable Software and Affected Versions C-Bus Network Automation Controller - LSS5500NAC versions prior to V1.10.0 Wiser for C-Bus Automation Controller - LSS5500SHAC versions prior to V1.10.0 Clipsal C-Bus Network Automation Controller - 5500NAC versions prior to V1.10.0 Clipsal Wiser for C-Bus Automation Controller - 5500SHAC versions prior to V1.10.0 SpaceLogic C-Bus Network Automation Controller - 5500NAC2 versions prior to V1.10.0 SpaceLogic C-Bus Application Controller - 5500AC2 versions prior to V1.10.0

Description A vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. This issue is related to errors during the authentication procedure. Exploitation of the vulnerability may allow a remote attacker to gain full access to the device.

Recommendations For C-Bus Network Automation Controller - LSS5500NAC versions prior to V1.10.0, update to version V1.10.0 or later. For Wiser for C-Bus Automation Controller - LSS5500SHAC versions prior to V1.10.0, update to version V1.10.0 or later. For Clipsal C-Bus Network Automation Controller - 5500NAC versions prior to V1.10.0, update to version V1.10.0 or later. For Clipsal Wiser for C-Bus Automation Controller - 5500SHAC versions prior to V1.10.0, update to version V1.10.0 or later. For SpaceLogic C-Bus Network Automation Controller - 5500NAC2 versions prior to V1.10.0, update to version V1.10.0 or later. For SpaceLogic C-Bus Application Controller - 5500AC2 versions prior to V1.10.0, update to version V1.10.0 or later.