Sign-up

ID

VAR-202105-0412


CVE

CVE-2021-22734


TITLE

homeLYnk  and  spaceLYnk  Digital Signature Verification Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-007526

DESCRIPTION

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code. homeLYnk (Wiser For KNX) and spaceLYnk Exists in a digital signature validation vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2021-22734 // JVNDB: JVNDB-2021-007526

AFFECTED PRODUCTS

vendor:schneider electricmodel:spacelynkscope:lteversion:2.6.0

Trust: 1.0

vendor:schneider electricmodel:homelynkscope:lteversion:2.6.0

Trust: 1.0

vendor:schneider electricmodel:spacelynkscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:homelynkscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007526 // NVD: CVE-2021-22734

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-22734
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202105-1729
value: HIGH

Trust: 0.6

NVD: CVE-2021-22734
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2021-22734
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22734
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-007526 // CNNVD: CNNVD-202105-1729 // NVD: CVE-2021-22734

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.0

problemtype:Improper verification of digital signatures (CWE-347) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007526 // NVD: CVE-2021-22734

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1729

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202105-1729

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-22734

PATCH
title:SEVD-2021-130-04url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-04
Trust: 0.8
title:homeLYnk Repair measures for data forgery problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152839
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-007526 // 
            
            
            
            CNNVD: CNNVD-202105-1729

EXTERNAL IDS
db:NVDid:CVE-2021-22734
Trust: 3.2
db:SCHNEIDERid:SEVD-2021-130-04
Trust: 1.6
db:JVNDBid:JVNDB-2021-007526
Trust: 0.8
db:CNNVDid:CNNVD-202105-1729
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-007526 // 
            
            
            
            CNNVD: CNNVD-202105-1729 // 
            
            
            
            NVD: CVE-2021-22734

REFERENCES
url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-04
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2021-22734
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2021-007526 // 
            
            
            
            CNNVD: CNNVD-202105-1729 // 
            
            
            
            NVD: CVE-2021-22734

SOURCES
db:JVNDBid:JVNDB-2021-007526
db:CNNVDid:CNNVD-202105-1729
db:NVDid:CVE-2021-22734

LAST UPDATE DATE
2022-05-06T08:39:50.458000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2021-007526date:2022-02-15T07:04:00
db:CNNVDid:CNNVD-202105-1729date:2022-03-10T00:00:00
db:NVDid:CVE-2021-22734date:2021-06-04T14:17:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2021-007526date:2022-02-15T00:00:00
db:CNNVDid:CNNVD-202105-1729date:2021-05-26T00:00:00
db:NVDid:CVE-2021-22734date:2021-05-26T20:15:00