Schneider Fixes XSS Vulnerability

Thursday, January 19, 2017 @ 03:01 PM gHale


Schneider Electric created firmware that fixes a cross-site scripting vulnerability in its homeLYnk Controller, LSS100100, according to a report with ICS-CERT.

The remotely exploitable vulnerability, discovered by Mohammed Shameem, affects homeLYnk Controller, LSS100100, all versions prior to V1.5.0.


An attacker may be able to exploit this vulnerability to cause execution of JavaScript code.

The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could exploit the vulnerability.

CVE-2017-5157 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.3.

Click here to download Schneider Electric’s fix.

For more information on this vulnerability and more detailed mitigation instructions, click on Schneider Electric’s security notification SEVD-2017-011-01.


