A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.
https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01A
http://www.securityfocus.com/bid/97585
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-052-02