CVE-2021-22734

HIGH

Schneider homeLYnk and spaceLYnk <=2.60 - Remote Code Execution via Signature Bypass

Title source: manual

Description

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04

Scores

CVSS v3 7.2

EPSS 0.0084

EPSS Percentile 75.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-347

Status published

Products (2)

schneider-electric/homelynk_firmware < 2.6.0

schneider-electric/spacelynk_firmware < 2.6.0

Published May 26, 2021

Tracked Since Feb 18, 2026