OTPulse

spaceLYnk & Wiser for KNX (formerly homeLYnk)

Plan Patch · CVSS 7.5 · SEVD-2020-224-02 · Aug 11, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in spaceLYnk and Wiser for KNX allows unauthenticated network attackers to read sensitive information from the device. The vulnerability does not require user interaction and can be exploited by anyone with network access to the affected device. It affects all versions of both products prior to the 2.5.1 update.

What this means
What could happen
An attacker with network access could read sensitive configuration data or other protected information from the device without needing to authenticate, compromising the security of your building automation or energy management system.
Who's at risk
Energy sector operators using Schneider Electric's spaceLYnk or Wiser for KNX (formerly homeLYnk) logic controllers for building automation and energy management should prioritize this issue. These devices manage critical settings for HVAC, lighting, and power distribution control in commercial and industrial facilities.
How it could be exploited
An attacker sends network requests to the spaceLYnk or Wiser for KNX device without authentication credentials. The vulnerability allows the attacker to read protected data directly from the device's memory or storage, potentially revealing system configurations, credentials, or operational parameters.
Prerequisites
  • Network access to the spaceLYnk or Wiser for KNX device
  • No authentication credentials required
Remotely exploitable · No authentication required · Low complexity attack · Affects energy management systems · Information disclosure (high confidentiality impact)
Exploitability
Low exploit probability (EPSS 1.0%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
spaceLYnk All Version | All versions | 2.5.1
Wiser for KNX (formerly homeLYnk) All Version | All versions | 2.5.1
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to spaceLYnk and Wiser for KNX devices using firewall rules or network segmentation; only allow connections from authorized engineering workstations and management systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: Update spaceLYnk firmware to version 2.5.1 or later
HOTFIX: Update Wiser for KNX firmware to version 2.5.1 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate building automation and energy management systems from general IT networks