CVE-2022-22811

HIGH

Schneider Electric spaceLYnk, Wiser for KNX, fellerLYnk < 2.6.2 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

References (1)

Core 1
Core References

Scores

CVSS v3 8.1
EPSS 0.0010
EPSS Percentile 27.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Details

CWE
CWE-352
Status published
Products (3)
schneider-electric/fellerlynk_firmware < 2.6.2
schneider-electric/spacelynk_firmware < 2.6.2
schneider-electric/wiser_for_knx_firmware < 2.6.2
Published Feb 09, 2022
Tracked Since Feb 18, 2026