Sign-up

ID

VAR-202202-0284


CVE

CVE-2022-22810


TITLE

Schneider Electric Multiple product security vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-202202-899

DESCRIPTION

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

Trust: 1.0

sources: NVD: CVE-2022-22810

AFFECTED PRODUCTS

vendor:schneider electricmodel:wiser for knxscope:lteversion:2.6.2

Trust: 1.0

vendor:schneider electricmodel:fellerlynkscope:lteversion:2.6.2

Trust: 1.0

vendor:schneider electricmodel:spacelynkscope:lteversion:2.6.2

Trust: 1.0

sources: NVD: CVE-2022-22810

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-22810
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202202-899
value: CRITICAL

Trust: 0.6

NVD: CVE-2022-22810
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2022-22810
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202202-899 // NVD: CVE-2022-22810

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.0

sources: NVD: CVE-2022-22810

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-899

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-899

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-22810

PATCH
title:Schneider Electric spaceLYnk  and Wiser for KNX Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=184123
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202202-899

EXTERNAL IDS
db:NVDid:CVE-2022-22810
Trust: 1.6
db:SCHNEIDERid:SEVD-2022-039-04
Trust: 1.6
db:CNNVDid:CNNVD-202202-899
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202202-899 // 
            
            
            
            NVD: CVE-2022-22810

REFERENCES
url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-04
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2022-22810
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202202-899 // 
            
            
            
            NVD: CVE-2022-22810

SOURCES
db:CNNVDid:CNNVD-202202-899
db:NVDid:CVE-2022-22810

LAST UPDATE DATE
2022-05-04T08:51:45.776000+00:00

SOURCES UPDATE DATE
db:CNNVDid:CNNVD-202202-899date:2022-03-10T00:00:00
db:NVDid:CVE-2022-22810date:2022-02-16T18:23:00

SOURCES RELEASE DATE
db:CNNVDid:CNNVD-202202-899date:2022-02-09T00:00:00
db:NVDid:CVE-2022-22810date:2022-02-09T23:15:00