Details of VAR-202105-0411

ID

VAR-202105-0411

CVE

CVE-2021-22733

TITLE

homeLYnk and spaceLYnk Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2021-007527

DESCRIPTION

Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder. homeLYnk (Wiser For KNX) and spaceLYnk Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2021-22733 // JVNDB: JVNDB-2021-007527

AFFECTED PRODUCTS

vendor:	schneider electric	model:	spacelynk	scope:	lte	version:	2.6.0	Trust: 1.0
vendor:	schneider electric	model:	homelynk	scope:	lte	version:	2.6.0	Trust: 1.0
vendor:	schneider electric	model:	spacelynk	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	homelynk	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007527 // NVD: CVE-2021-22733

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-22733
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-202105-1728
value:	HIGH
Trust: 0.6

NVD:	CVE-2021-22733
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.8

NVD:	CVE-2021-22733
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22733
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-007527 // CNNVD: CNNVD-202105-1728 // NVD: CVE-2021-22733

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007527 // NVD: CVE-2021-22733

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1728

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202105-1728

CONFIGURATIONS

sources: NVD: CVE-2021-22733

PATCH

title:	SEVD-2021-130-04	url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-04	Trust: 0.8
title:	spaceLYnk Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152399	Trust: 0.6

sources: JVNDB: JVNDB-2021-007527 // CNNVD: CNNVD-202105-1728

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22733	Trust: 3.2
db:	SCHNEIDER	id:	SEVD-2021-130-04	Trust: 1.6
db:	JVNDB	id:	JVNDB-2021-007527	Trust: 0.8
db:	CNNVD	id:	CNNVD-202105-1728	Trust: 0.6

sources: JVNDB: JVNDB-2021-007527 // CNNVD: CNNVD-202105-1728 // NVD: CVE-2021-22733

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-04	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22733	Trust: 0.8

sources: JVNDB: JVNDB-2021-007527 // CNNVD: CNNVD-202105-1728 // NVD: CVE-2021-22733

SOURCES

db:	JVNDB	id:	JVNDB-2021-007527
db:	CNNVD	id:	CNNVD-202105-1728
db:	NVD	id:	CVE-2021-22733

LAST UPDATE DATE

2022-07-02T00:21:13.018000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-007527	date:	2022-02-15T07:09:00
db:	CNNVD	id:	CNNVD-202105-1728	date:	2022-07-01T00:00:00
db:	NVD	id:	CVE-2021-22733	date:	2021-06-04T14:06:00

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-007527	date:	2022-02-15T00:00:00
db:	CNNVD	id:	CNNVD-202105-1728	date:	2021-05-26T00:00:00
db:	NVD	id:	CVE-2021-22733	date:	2021-05-26T20:15:00