
Schneider Electric created firmware that fixes a cross-site scripting vulnerability in its homeLYnk Controller, LSS100100, according to a report with ICS-CERT.

The remotely exploitable vulnerability, discovered by Mohammed Shameem, affects homeLYnk Controller, LSS100100, all versions prior to V1.5.0.

An attacker may be able to exploit this vulnerability to cause execution of JavaScript code.

The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could exploit the vulnerability.

CVE-2017-5157 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.3.

Click here to download Schneider Electric’s fix.

For more information on this vulnerability and more detailed mitigation instructions, click on Schneider Electric’s security notification SEVD-2017-011-01.
