spaceLYnk, Wiser For KNX, fellerLYnk

Plan PatchCVSS 9.3SEVD-2022-039-04Feb 8, 2022

Schneider ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Multiple vulnerabilities exist in spaceLYnk (≤V2.6.2), Wiser for KNX (≤V2.6.2), and fellerLYnk (≤V2.6.2) controllers. These include missing authentication controls, Cross-Site Request Forgery (CSRF), rate limiting issues, and Stored Cross-Site Scripting (XSS) in the web management interface. An attacker could bypass login, trick authenticated users into performing unauthorized actions, inject malicious scripts, or exfiltrate system data and credentials. spaceLYnk and Wiser for KNX are fixed in version 2.7.0. fellerLYnk status is unclear from the advisory.

What this means

What could happen

An attacker could bypass authentication, perform unauthorized actions on your building automation system (such as altering HVAC setpoints or disabling security controls), or steal configuration data and credentials through web-based attacks on the management interface.

Who's at risk

Building automation and energy management operators running Schneider Electric spaceLYnk, Wiser for KNX, or Feller fellerLYnk controllers. These systems manage HVAC, lighting, occupancy controls, and energy distribution in commercial buildings. Energy utilities and facility managers responsible for these systems should prioritize patching.

How it could be exploited

An attacker with network access to the web interface could craft a malicious request or webpage that tricks an authenticated user into performing unauthorized actions (CSRF), inject malicious scripts that execute in other users' browsers (XSS), or bypass login controls entirely (missing authentication) to gain direct access to the system.

Prerequisites

Network access to the web management interface (typically port 80/443)
For CSRF attacks: authenticated user must visit attacker-controlled page while logged into the system
For XSS attacks: attacker must inject malicious payload through a vulnerable input field
For authentication bypass: no special prerequisites—attacker can attempt direct access

remotely exploitablelow complexityaffects building automation and safety-related controlsCSRF and XSS can lead to unauthorized process changesauthentication weaknesses allow direct access

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (3)

2 with fix1 pending

ProductAffected VersionsFix Status

spaceLYnk V2.6.2 and prior≤ V2.6.22.7.0

Wiser for KNX (formerly homeLYnk) V2.6.2 and prior≤ V2.6.22.7.0

fellerLYnk V2.6.2 and prior≤ V2.6.2No fix yet

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGFor fellerLYnk: Contact Feller support regarding patch status, as version 2.7.0 remediation details are unclear; implement network segmentation immediately as compensating control

WORKAROUNDRestrict network access to the web management interface to authorized administrative subnets only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate spaceLYnk to version 2.7.0 or later and perform system reboot

HOTFIXUpdate Wiser for KNX to version 2.7.0 or later and perform system reboot

Long-term hardening

0/1

HARDENINGImplement Web Application Firewall (WAF) rules to detect and block CSRF and XSS payloads if available

CVEs (4)

CVE-2022-22809 CVE-2022-22810 CVE-2022-22811 CVE-2022-22812

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/58964008-f92a-4925-b187-b1b64d3bd196

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.