Sign-up

ID

VAR-202105-0413


CVE

CVE-2021-22735


TITLE

homeLYnk  and  spaceLYnk  Digital Signature Verification Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-007525

DESCRIPTION

Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device. homeLYnk (Wiser For KNX) and spaceLYnk Exists in a digital signature validation vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2021-22735 // JVNDB: JVNDB-2021-007525

AFFECTED PRODUCTS

vendor:schneider electricmodel:spacelynkscope:lteversion:2.6.0

Trust: 1.0

vendor:schneider electricmodel:homelynkscope:lteversion:2.6.0

Trust: 1.0

vendor:schneider electricmodel:spacelynkscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:homelynkscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007525 // NVD: CVE-2021-22735

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-22735
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202105-1730
value: HIGH

Trust: 0.6

NVD: CVE-2021-22735
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.8

NVD: CVE-2021-22735
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22735
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-007525 // CNNVD: CNNVD-202105-1730 // NVD: CVE-2021-22735

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.0

problemtype:Improper verification of digital signatures (CWE-347) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007525 // NVD: CVE-2021-22735

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1730

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202105-1730

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-22735

PATCH
title:SEVD-2021-130-04url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-04
Trust: 0.8
title:Schneider Electric spaceLYnk Repair measures for data forgery problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152840
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-007525 // 
            
            
            
            CNNVD: CNNVD-202105-1730

EXTERNAL IDS
db:NVDid:CVE-2021-22735
Trust: 3.2
db:SCHNEIDERid:SEVD-2021-130-04
Trust: 1.6
db:JVNDBid:JVNDB-2021-007525
Trust: 0.8
db:CNNVDid:CNNVD-202105-1730
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-007525 // 
            
            
            
            CNNVD: CNNVD-202105-1730 // 
            
            
            
            NVD: CVE-2021-22735

REFERENCES
url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-04
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2021-22735
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2021-007525 // 
            
            
            
            CNNVD: CNNVD-202105-1730 // 
            
            
            
            NVD: CVE-2021-22735

SOURCES
db:JVNDBid:JVNDB-2021-007525
db:CNNVDid:CNNVD-202105-1730
db:NVDid:CVE-2021-22735

LAST UPDATE DATE
2022-07-02T00:21:13.101000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2021-007525date:2022-02-15T06:44:00
db:CNNVDid:CNNVD-202105-1730date:2022-07-01T00:00:00
db:NVDid:CVE-2021-22735date:2021-06-04T14:21:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2021-007525date:2022-02-15T00:00:00
db:CNNVDid:CNNVD-202105-1730date:2021-05-26T00:00:00
db:NVDid:CVE-2021-22735date:2021-05-26T20:15:00