Details of VAR-202105-0418

ID

VAR-202105-0418

CVE

CVE-2021-22740

TITLE

homeLYnk and spaceLYnk Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-007377

DESCRIPTION

Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded. homeLYnk (Wiser For KNX) and spaceLYnk Contains an information disclosure vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2021-22740 // JVNDB: JVNDB-2021-007377

AFFECTED PRODUCTS

vendor:	schneider electric	model:	spacelynk	scope:	lte	version:	2.6.0	Trust: 1.0
vendor:	schneider electric	model:	homelynk	scope:	lte	version:	2.6.0	Trust: 1.0
vendor:	schneider electric	model:	homelynk	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	spacelynk	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007377 // NVD: CVE-2021-22740

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-22740
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-202105-1757
value:	MEDIUM
Trust: 0.6

NVD:	CVE-2021-22740
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.8

NVD:	CVE-2021-22740
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22740
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-007377 // CNNVD: CNNVD-202105-1757 // NVD: CVE-2021-22740

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007377 // NVD: CVE-2021-22740

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1757

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202105-1757

CONFIGURATIONS

sources: NVD: CVE-2021-22740

PATCH

title:

SEVD-2021-130-04

url:

https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-04

Trust: 0.8

sources: JVNDB: JVNDB-2021-007377

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22740	Trust: 3.2
db:	SCHNEIDER	id:	SEVD-2021-130-04	Trust: 1.6
db:	JVNDB	id:	JVNDB-2021-007377	Trust: 0.8
db:	CNNVD	id:	CNNVD-202105-1757	Trust: 0.6

sources: JVNDB: JVNDB-2021-007377 // CNNVD: CNNVD-202105-1757 // NVD: CVE-2021-22740

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-130-04	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22740	Trust: 1.4

sources: JVNDB: JVNDB-2021-007377 // CNNVD: CNNVD-202105-1757 // NVD: CVE-2021-22740

SOURCES

db:	JVNDB	id:	JVNDB-2021-007377
db:	CNNVD	id:	CNNVD-202105-1757
db:	NVD	id:	CVE-2021-22740

LAST UPDATE DATE

2022-07-02T00:21:13.039000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-007377	date:	2022-02-09T07:32:00
db:	CNNVD	id:	CNNVD-202105-1757	date:	2022-07-01T00:00:00
db:	NVD	id:	CVE-2021-22740	date:	2021-06-03T20:13:00

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-007377	date:	2022-02-09T00:00:00
db:	CNNVD	id:	CNNVD-202105-1757	date:	2021-05-26T00:00:00
db:	NVD	id:	CVE-2021-22740	date:	2021-05-26T20:15:00