Sign-up

ID

VAR-202105-0415


CVE

CVE-2021-22737


TITLE

homeLYnk  and  spaceLYnk  Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2021-007498

DESCRIPTION

Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack. homeLYnk (Wiser For KNX) and spaceLYnk Exists in an inadequate protection of credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2021-22737 // JVNDB: JVNDB-2021-007498 // VULMON: CVE-2021-22737

AFFECTED PRODUCTS

vendor:schneider electricmodel:spacelynkscope:lteversion:2.6.0

Trust: 1.0

vendor:schneider electricmodel:homelynkscope:lteversion:2.6.0

Trust: 1.0

vendor:schneider electricmodel:spacelynkscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:homelynkscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007498 // NVD: CVE-2021-22737

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-22737
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-202105-1732
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-22737
value: MEDIUM

Trust: 0.1

NVD: CVE-2021-22737
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.9

NVD: CVE-2021-22737
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22737
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-22737 // JVNDB: JVNDB-2021-007498 // CNNVD: CNNVD-202105-1732 // NVD: CVE-2021-22737

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007498 // NVD: CVE-2021-22737

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1732

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202105-1732

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-22737

PATCH
title:SEVD-2021-130-04url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-04
Trust: 0.8
title:spaceLYnk Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=152842
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-007498 // 
            
            
            
            CNNVD: CNNVD-202105-1732

EXTERNAL IDS
db:NVDid:CVE-2021-22737
Trust: 3.3
db:SCHNEIDERid:SEVD-2021-130-04
Trust: 1.7
db:JVNDBid:JVNDB-2021-007498
Trust: 0.8
db:CNNVDid:CNNVD-202105-1732
Trust: 0.6
db:VULMONid:CVE-2021-22737
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-22737 // 
            
            
            
            JVNDB: JVNDB-2021-007498 // 
            
            
            
            CNNVD: CNNVD-202105-1732 // 
            
            
            
            NVD: CVE-2021-22737

REFERENCES
url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-04
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2021-22737
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/522.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-22737 // 
            
            
            
            JVNDB: JVNDB-2021-007498 // 
            
            
            
            CNNVD: CNNVD-202105-1732 // 
            
            
            
            NVD: CVE-2021-22737

SOURCES
db:VULMONid:CVE-2021-22737
db:JVNDBid:JVNDB-2021-007498
db:CNNVDid:CNNVD-202105-1732
db:NVDid:CVE-2021-22737

LAST UPDATE DATE
2022-11-15T22:01:40.372000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-22737date:2021-06-04T00:00:00
db:JVNDBid:JVNDB-2021-007498date:2022-02-15T05:15:00
db:CNNVDid:CNNVD-202105-1732date:2022-10-26T00:00:00
db:NVDid:CVE-2021-22737date:2022-11-10T22:15:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-22737date:2021-05-26T00:00:00
db:JVNDBid:JVNDB-2021-007498date:2022-02-15T00:00:00
db:CNNVDid:CNNVD-202105-1732date:2021-05-26T00:00:00
db:NVDid:CVE-2021-22737date:2021-05-26T20:15:00