PT-2022-6546 · Spacelynk+1 · Spacelynk+2
Published
2022-02-09
·
Updated
2023-05-10
·
CVE-2022-22809
CVSS v2.0
9.4
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
spaceLYnk versions 2.6.2 and prior
Wiser for KNX (formerly homeLYnk) versions 2.6.2 and prior
fellerLYnk versions 2.6.2 and prior
Description
A Missing Authentication for Critical Function issue exists, allowing unauthorized modifications to touch configurations when an attacker attempts to modify these configurations. This could enable a remote attacker to redefine system configurations.
Recommendations
For spaceLYnk versions 2.6.2 and prior, update to a version that includes a fix for this issue.
For Wiser for KNX (formerly homeLYnk) versions 2.6.2 and prior, update to a version that includes a fix for this issue.
For fellerLYnk versions 2.6.2 and prior, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting access to the touch configuration modification functionality until a patch is available.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wiser For Knx
Fellerlynk
Spacelynk