spaceLYnk, Wiser For KNX, fellerLYnk
Plan Patch · CVSS 8.2 · SEVD-2021-285-01 · Oct 12, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric spaceLYnk, Wiser for KNX, and fellerLYnk products are vulnerable to a cross-origin resource sharing (CORS) attack. These devices are building management controllers that manage energy efficiency, comfort, and process control via KNX, Modbus, BACnet, and IP protocols. The vulnerability allows an attacker to exploit insufficient CORS protections, potentially leading to data exfiltration and unauthorized access to the controller's management interface.
What this means
What could happen
An attacker could exfiltrate sensitive data from your building management system or gain unauthorized access to control functions on the spaceLYnk, Wiser for KNX, or fellerLYnk controller. This could allow manipulation of HVAC, lighting, or energy management settings affecting building operations.
Who's at risk
Energy and utilities organizations using Schneider Electric building management systems should care: specifically anyone running spaceLYnk, Wiser for KNX, or fellerLYnk controllers to manage HVAC, lighting, and energy distribution in office buildings, data centers, or industrial facilities. Facility managers and system administrators are the primary users at risk.
How it could be exploited
An attacker crafts a malicious web page and tricks an administrator into visiting it while logged into the building management interface. The attacker's page exploits improper CORS headers to read or modify data on the controller without the administrator's knowledge, potentially changing setpoints or reading configuration data.
Prerequisites
- Network access to the controller's management web interface (typically port 80/443)
- An authorized user must be logged into the management interface while visiting an attacker-controlled website
- No special credentials required—the attack exploits the user's existing authenticated session
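The weakness described above comes down to what the controller's web server answers when a browser sends a cross-origin request carrying the administrator's session cookie. As an added example (not code from the advisory or from Schneider Electric), the block below gives a defender a small check: `assess_cors_response` takes the `Origin` a request carried and the response headers captured from your own device (for instance exported from browser developer tools) and flags the header patterns that would let an attacker-controlled page read or act on an authenticated response. It also contrasts a reflecting handler with the allow-list policy a management interface should apply. The allow-listed origin and the sample headers are constructed for illustration.

```python
"""
Added example: evaluate CORS response headers for the misconfiguration
pattern behind the advisory, and show a hardened allow-list policy.
Not the vendor's code; origins and header samples are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical allow-list: the only origins permitted to make credentialed
# cross-origin calls to the management interface (e.g. an engineering
# workstation or jump host front end). A real deployment lists its own.
ALLOWED_ORIGINS = frozenset({"https://bms-admin.example.internal"})


@dataclass
class CorsFinding:
    severity: str   # "high" or "medium"
    message: str


def assess_cors_response(request_origin: str, headers: Dict[str, str]) -> List[CorsFinding]:
    """Return findings for the CORS headers a server sent back to `request_origin`.

    An empty list means the browser would block a cross-origin read of the
    response, which is the expected behaviour for an untrusted origin.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    findings: List[CorsFinding] = []

    if acao is None:
        return findings  # no CORS grant at all: cross-origin reads are blocked

    if acao == "*":
        # Browsers refuse '*' for credentialed requests, so this alone does not
        # expose a logged-in session, but it does expose any unauthenticated data.
        findings.append(CorsFinding(
            "medium", "wildcard Allow-Origin: any site can read unauthenticated responses"))
        if creds:
            findings.append(CorsFinding(
                "medium", "wildcard combined with Allow-Credentials: true (rejected by browsers, but signals a permissive policy)"))
    elif acao == "null":
        # 'null' is the Origin sent by sandboxed iframes and some redirects,
        # so trusting it lets untrusted pages in.
        findings.append(CorsFinding("high", "Allow-Origin: null is trusted"))
    elif acao == request_origin and request_origin not in ALLOWED_ORIGINS:
        # The server echoed back an origin it has no reason to trust: with
        # credentials allowed, that origin can read the authenticated response.
        sev = "high" if creds else "medium"
        findings.append(CorsFinding(
            sev, f"untrusted request Origin {request_origin!r} reflected into Allow-Origin"))

    return findings


def cors_headers_reflecting(request_origin: Optional[str]) -> Dict[str, str]:
    """Weak pattern (for contrast only): echo any Origin and allow credentials."""
    if request_origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_for(request_origin: Optional[str]) -> Dict[str, str]:
    """Hardened policy: grant CORS only to allow-listed origins, never reflect."""
    if request_origin in ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": request_origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",  # keep caches from serving one origin's grant to another
        }
    return {}


if __name__ == "__main__":
    # Constructed scenario: an untrusted page's origin hitting both handlers.
    untrusted = "https://attacker-controlled.example"
    for name, handler in (("reflecting", cors_headers_reflecting), ("allow-list", cors_headers_for)):
        for f in assess_cors_response(untrusted, handler(untrusted)) or [CorsFinding("ok", "no risky CORS grant")]:
            print(f"{name:10s} {f.severity:6s} {f.message}")
```

Run it against headers captured from a controller you operate; a `high` finding for an origin you do not control is the condition the advisory's upgrade to 2.6.2 (and the network restriction under "Do now") is meant to close.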
Tags: remotely exploitable · no authentication required for the attack itself · low complexity · high CVSS (8.2) · affects building automation and energy management
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (3)
3 with fix
Product                            Affected Versions   Fix Status
spaceLYnk V2.6.1 and prior         ≤ 2.6.1             2.6.2
Wiser for KNX V2.6.1 and prior     ≤ 2.6.1             2.6.2
fellerLYnk V2.6.1 and prior        ≤ 2.6.1             2.6.2
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the management interface to authorized engineering workstations or a jump host using firewall rules
HARDENING: Require multi-factor authentication on the management interface if available
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade spaceLYnk to version 2.6.2 or later
HOTFIX: Upgrade Wiser for KNX to version 2.6.2 or later
HOTFIX: Upgrade fellerLYnk to version 2.6.2 or later
HOTFIX: Plan for controller reboot after each firmware upgrade (coordinate with building operations to minimize disruption)
CVEs (1)
API: /api/v1/advisories/c2f2235b-d382-43ae-8101-eb0deb150d7f