CVE-2017-5157 — MEDIUM (6.1)

Vulnerability Description

An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Schneider Electric	Homelynk Controller Lss100100 Firmware	1.3.0
Schneider-Electric	Homelynk Controller Lss100100	-

Related Weaknesses (CWE)

CWE-79

References

http://www.securityfocus.com/bid/95665Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/95665Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2017-5157?

CVE-2017-5157 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be ...

How severe is CVE-2017-5157?

CVE-2017-5157 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-5157?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider Electric Homelynk Controller Lss100100 Firmware, Schneider-Electric Homelynk Controller Lss100100.