Schneider Electric created firmware that fixes a cross-site scripting vulnerability in its homeLYnk Controller, LSS100100, according to a report with ICS-CERT.
The remotely exploitable vulnerability, discovered by Mohammed Shameem, affects homeLYnk Controller, LSS100100, all versions prior to V1.5.0.
An attacker may be able to exploit this vulnerability to cause execution of JavaScript code.
The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could exploit the vulnerability.
CVE-2017-5157 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.3.
Schneider Electric’s fix is available for download.
For more information on this vulnerability and more detailed mitigation instructions, see Schneider Electric’s security notification SEVD-2017-011-01.