Details of VAR-202106-0570

ID

VAR-202106-0570

CVE

CVE-2021-20107

TITLE

plural Sloan SmartFaucet Product authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-008919

DESCRIPTION

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low Energy (BLE) connectivity to read and write to many BLE characteristics on the device. Some of these control the flow of water, the sensitivity of the sensors, and information about maintenance. plural Sloan SmartFaucet The product contains an authentication vulnerability.Information may be obtained and information may be tampered with

Trust: 1.71

sources: NVD: CVE-2021-20107 // JVNDB: JVNDB-2021-008919 // VULMON: CVE-2021-20107

IOT TAXONOMY

category:

['home & office device']

sub_category:

smart faucet

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	sloan	model:	optima ebf-550	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-675	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima ebf-850	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8137	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima etf-610	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima ebf-775	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8110	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-375	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8186	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-100	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-850	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8180	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima etf-500	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis ress-c	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima etf-800	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-300	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-150	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8153	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-677	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima eaf-350	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis ress-c bt	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima ebf-650	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima ebf-85	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima eaf-100	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis bpw 8000	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8111 bt	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima etf-420	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima ebf-425	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-177	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima ebf-665	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8115	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima etf-660	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-277	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima eaf-200	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima eaf-275	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima etf-880	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima eaf-225	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima ebf-750	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima etf-700	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima eaf-700	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima etf-80	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-350	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-600	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima ebf-415	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-175	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima eaf-150	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis ress-u	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8195	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8113	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-380	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima eaf-750	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima ebf-187	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima eaf-250	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima etf-770	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima etf-600	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-200	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-800	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8186 bt	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8116	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-280	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-250	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-377	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis ress-u bt	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8152	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-650	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima etf-410	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-680	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-275	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	optima ebf-615	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	basys efx-180	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan	model:	solis 8111	scope:	eq	version:	-	Trust: 1.0
vendor:	sloan valve	model:	optima eaf 750	scope:	-	version:	-	Trust: 0.8
vendor:	sloan valve	model:	optima eaf 100	scope:	-	version:	-	Trust: 0.8
vendor:	sloan valve	model:	optima eaf 225	scope:	-	version:	-	Trust: 0.8
vendor:	sloan valve	model:	optima ebf 187	scope:	-	version:	-	Trust: 0.8
vendor:	sloan valve	model:	optima eaf 250	scope:	-	version:	-	Trust: 0.8
vendor:	sloan valve	model:	optima eaf 150	scope:	-	version:	-	Trust: 0.8
vendor:	sloan valve	model:	optima eaf 350	scope:	-	version:	-	Trust: 0.8
vendor:	sloan valve	model:	optima eaf 275	scope:	-	version:	-	Trust: 0.8
vendor:	sloan valve	model:	optima eaf 200	scope:	-	version:	-	Trust: 0.8
vendor:	sloan valve	model:	optima eaf 700	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-008919 // NVD: CVE-2021-20107

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20107
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-20107
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202106-1973
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-20107
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-20107
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-20107
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20107
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-20107 // JVNDB: JVNDB-2021-008919 // CNNVD: CNNVD-202106-1973 // NVD: CVE-2021-20107

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Improper authentication (CWE-287) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-008919 // NVD: CVE-2021-20107

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202106-1973

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202106-1973

PATCH

title:	Top Page	url:	https://www.sloan.com/	Trust: 0.8
title:	Sloan SmartFaucets Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155586	Trust: 0.6

sources: JVNDB: JVNDB-2021-008919 // CNNVD: CNNVD-202106-1973

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20107	Trust: 3.4
db:	TENABLE	id:	TRA-2021-26	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-008919	Trust: 0.8
db:	CNNVD	id:	CNNVD-202106-1973	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2021-20107	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-20107 // JVNDB: JVNDB-2021-008919 // CNNVD: CNNVD-202106-1973 // NVD: CVE-2021-20107

REFERENCES

url:	https://www.tenable.com/security/research/tra-2021-26-0	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20107	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-20107 // JVNDB: JVNDB-2021-008919 // CNNVD: CNNVD-202106-1973 // NVD: CVE-2021-20107

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2021-20107
db:	JVNDB	id:	JVNDB-2021-008919
db:	CNNVD	id:	CNNVD-202106-1973
db:	NVD	id:	CVE-2021-20107

LAST UPDATE DATE

2025-01-30T21:06:39.943000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-20107	date:	2021-07-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-008919	date:	2022-03-31T07:30:00
db:	CNNVD	id:	CNNVD-202106-1973	date:	2022-06-30T00:00:00
db:	NVD	id:	CVE-2021-20107	date:	2022-06-28T14:11:45.273

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-20107	date:	2021-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-008919	date:	2022-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202106-1973	date:	2021-06-30T00:00:00
db:	NVD	id:	CVE-2021-20107	date:	2021-06-30T14:15:08.487