SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-351317511] Schneider Electric homeLYnk Controller

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2017-01-19 | Other | Schneider Electric | Mohammed Shameem | N/A | CVE-2017-5157 | N/A | N/A | N/A |

Source

#
# Schneider Electric homeLYnk Controller
#


### VULNERABLE VENDOR
Schneider Electric



### VULNERABLE PRODUCT
homeLYnk Controller, LSS100100



### RESEARCHER
Mohammed Shameem


### AFFECTED PRODUCTS

Schneider Electric reports that the vulnerability affects the following products:
homeLYnk Controller, LSS100100, all versions prior to V1.5.0



### IMPACT

An attacker may be able to exploit this vulnerability to cause execution of JavaScript code.



### BACKGROUND

CROSS-SITE SCRIPTING (CWE-79)
The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.
CVE-2017-5157 has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).



### MITIGATION

Schneider Electric has released firmware that fixes this vulnerability, available for download at:
http://www.schneider-electric.com/en/download/document/FW1_5_1-hL/


For more information on this vulnerability and more detailed mitigation instructions, please see Schneider Electric security notification SEVD-2017-011-01 at the following location:
http://www.schneider-electric.com/ww/en/download/document/SEVD-2017-011-01