var-201702-0677
Vulnerability from variot
An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code. Schneider Electric homeLYnk Controller contains a cross-site scripting vulnerability. Through specially crafted user input, JavaScript code may be executed. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The Schneider homeLYnk Controller LSS1001003 is a logic controller. An attacker could exploit the vulnerability to execute arbitrary script code in a user's browser in the context of the affected website, stealing cookie-based authentication credentials and launching other attacks. LSS100100 is one of the versions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0677",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "homelynk controller lss100100",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "1.3.0"
},
{
"model": "homelynk controller lss100100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "homelynk controller lss100100",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "v1.5.0"
},
{
"model": "electric homelynk controller lss100100",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "0"
},
{
"model": "homelynk controller lss100100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "homelynk controller lss100100",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "homelynk controller lss100100",
"version": "1.3.0"
}
],
"sources": [
{
"db": "IVD",
"id": "933d4e66-186c-4eee-8f95-82af659f1a68"
},
{
"db": "CNVD",
"id": "CNVD-2017-01102"
},
{
"db": "BID",
"id": "95665"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001603"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-826"
},
{
"db": "NVD",
"id": "CVE-2017-5157"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:homelynk_controller_lss100100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:homelynk_controller_lss100100_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001603"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mohammed Shameem",
"sources": [
{
"db": "BID",
"id": "95665"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-826"
}
],
"trust": 0.9
},
"cve": "CVE-2017-5157",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-5157",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-01102",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "933d4e66-186c-4eee-8f95-82af659f1a68",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-113360",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-5157",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5157",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-5157",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-01102",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-826",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "933d4e66-186c-4eee-8f95-82af659f1a68",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-113360",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "933d4e66-186c-4eee-8f95-82af659f1a68"
},
{
"db": "CNVD",
"id": "CNVD-2017-01102"
},
{
"db": "VULHUB",
"id": "VHN-113360"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001603"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-826"
},
{
"db": "NVD",
"id": "CVE-2017-5157"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code. Schneider Electric homeLYnk Controller Contains a cross-site scripting vulnerability.Through expertly crafted user input, JavaScript The code may be executed. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SchneiderhomeLYnkControllerLSS1001003 is a logic controller. An attacker could exploit the vulnerability to execute arbitrary script code on a user\u0027s browser on an affected website, stealing a cookie-based authentication certificate and launching other attacks. LSS100100 is one of the versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5157"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001603"
},
{
"db": "CNVD",
"id": "CNVD-2017-01102"
},
{
"db": "BID",
"id": "95665"
},
{
"db": "IVD",
"id": "933d4e66-186c-4eee-8f95-82af659f1a68"
},
{
"db": "VULHUB",
"id": "VHN-113360"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5157",
"trust": 3.6
},
{
"db": "BID",
"id": "95665",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-019-01",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201701-826",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01102",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-019-01A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001603",
"trust": 0.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-011-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "933D4E66-186C-4EEE-8F95-82AF659F1A68",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-113360",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "933d4e66-186c-4eee-8f95-82af659f1a68"
},
{
"db": "CNVD",
"id": "CNVD-2017-01102"
},
{
"db": "VULHUB",
"id": "VHN-113360"
},
{
"db": "BID",
"id": "95665"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001603"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-826"
},
{
"db": "NVD",
"id": "CVE-2017-5157"
}
]
},
"id": "VAR-201702-0677",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "933d4e66-186c-4eee-8f95-82af659f1a68"
},
{
"db": "CNVD",
"id": "CNVD-2017-01102"
},
{
"db": "VULHUB",
"id": "VHN-113360"
}
],
"trust": 1.4625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "933d4e66-186c-4eee-8f95-82af659f1a68"
},
{
"db": "CNVD",
"id": "CNVD-2017-01102"
}
]
},
"last_update_date": "2024-11-23T21:54:16.611000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-011-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-011-01"
},
{
"title": "Patch for SchneiderhomeLYnkControllerLSS1001003 Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/88800"
},
{
"title": "Schneider Electric homeLYnk Controller LSS1001003 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01102"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001603"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-826"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113360"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001603"
},
{
"db": "NVD",
"id": "CVE-2017-5157"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/95665"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-019-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5157"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-019-01a"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5157"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/en/product-range/62143-homelynk-?n=1687035610 "
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/en/download/document/sevd-2017-011-01/ "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01102"
},
{
"db": "VULHUB",
"id": "VHN-113360"
},
{
"db": "BID",
"id": "95665"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001603"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-826"
},
{
"db": "NVD",
"id": "CVE-2017-5157"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "933d4e66-186c-4eee-8f95-82af659f1a68"
},
{
"db": "CNVD",
"id": "CNVD-2017-01102"
},
{
"db": "VULHUB",
"id": "VHN-113360"
},
{
"db": "BID",
"id": "95665"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001603"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-826"
},
{
"db": "NVD",
"id": "CVE-2017-5157"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-08T00:00:00",
"db": "IVD",
"id": "933d4e66-186c-4eee-8f95-82af659f1a68"
},
{
"date": "2017-02-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01102"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-113360"
},
{
"date": "2017-01-19T00:00:00",
"db": "BID",
"id": "95665"
},
{
"date": "2017-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001603"
},
{
"date": "2017-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-826"
},
{
"date": "2017-02-13T21:59:02.767000",
"db": "NVD",
"id": "CVE-2017-5157"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01102"
},
{
"date": "2017-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-113360"
},
{
"date": "2017-01-23T00:12:00",
"db": "BID",
"id": "95665"
},
{
"date": "2017-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001603"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-826"
},
{
"date": "2024-11-21T03:27:10.233000",
"db": "NVD",
"id": "CVE-2017-5157"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-826"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider homeLYnk Controller LSS1001003 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "933d4e66-186c-4eee-8f95-82af659f1a68"
},
{
"db": "CNVD",
"id": "CNVD-2017-01102"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-826"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.