CVE-2020-7525

EPSS 0.99%
Published 31.08.2020 17:15:12
Last modified 21.11.2024 05:37:18
Source cybersecurity@se.com
Teams watchlist Login
Open Login

Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Spacelynk Firmware Version < 2.5.1

Schneider-electric ≫ Spacelynk Version-

Schneider-electric ≫ Wiser For Knx Firmware Version < 2.5.1

Schneider-electric ≫ Wiser For Knx Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.99%	0.748

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://www.se.com/ww/en/download/document/SEVD-2020-224-02/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7525

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7525

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7525

EUVD