Sign-up

ID

VAR-202105-0416


CVE

CVE-2021-22738


TITLE

homeLYnk  and  spaceLYnk  Vulnerability in using cryptographic algorithms in

Trust: 0.8

sources: JVNDB: JVNDB-2021-007376

DESCRIPTION

Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack. homeLYnk (Wiser For KNX) and spaceLYnk Is vulnerable to the use of cryptographic algorithms.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2021-22738 // JVNDB: JVNDB-2021-007376 // VULMON: CVE-2021-22738

AFFECTED PRODUCTS

vendor:schneider electricmodel:spacelynkscope:lteversion:2.6.0

Trust: 1.0

vendor:schneider electricmodel:homelynkscope:lteversion:2.6.0

Trust: 1.0

vendor:schneider electricmodel:homelynkscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:spacelynkscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007376 // NVD: CVE-2021-22738

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-22738
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-202105-1734
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-22738
value: MEDIUM

Trust: 0.1

NVD: CVE-2021-22738
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.9

NVD: CVE-2021-22738
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22738
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-22738 // JVNDB: JVNDB-2021-007376 // CNNVD: CNNVD-202105-1734 // NVD: CVE-2021-22738

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.0

problemtype:Use of incomplete or dangerous cryptographic algorithms (CWE-327) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007376 // NVD: CVE-2021-22738

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1734

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202105-1734

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-22738

PATCH
title:SEVD-2021-130-04url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-04
Trust: 0.8
title:spaceLYnk Fixes for encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152843
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-007376 // 
            
            
            
            CNNVD: CNNVD-202105-1734

EXTERNAL IDS
db:NVDid:CVE-2021-22738
Trust: 3.3
db:SCHNEIDERid:SEVD-2021-130-04
Trust: 1.7
db:JVNDBid:JVNDB-2021-007376
Trust: 0.8
db:CNNVDid:CNNVD-202105-1734
Trust: 0.6
db:VULMONid:CVE-2021-22738
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-22738 // 
            
            
            
            JVNDB: JVNDB-2021-007376 // 
            
            
            
            CNNVD: CNNVD-202105-1734 // 
            
            
            
            NVD: CVE-2021-22738

REFERENCES
url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-04
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2021-22738
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/327.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-22738 // 
            
            
            
            JVNDB: JVNDB-2021-007376 // 
            
            
            
            CNNVD: CNNVD-202105-1734 // 
            
            
            
            NVD: CVE-2021-22738

SOURCES
db:VULMONid:CVE-2021-22738
db:JVNDBid:JVNDB-2021-007376
db:CNNVDid:CNNVD-202105-1734
db:NVDid:CVE-2021-22738

LAST UPDATE DATE
2022-07-02T00:21:13.166000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-22738date:2021-06-03T00:00:00
db:JVNDBid:JVNDB-2021-007376date:2022-02-09T07:32:00
db:CNNVDid:CNNVD-202105-1734date:2022-07-01T00:00:00
db:NVDid:CVE-2021-22738date:2021-06-03T20:24:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-22738date:2021-05-26T00:00:00
db:JVNDBid:JVNDB-2021-007376date:2022-02-09T00:00:00
db:CNNVDid:CNNVD-202105-1734date:2021-05-26T00:00:00
db:NVDid:CVE-2021-22738date:2021-05-26T20:15:00