CVE-2022-22809

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:spacelynk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:spacelynk:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:wiser_for_knx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:wiser_for_knx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:fellerlynk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:fellerlynk:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-02-09 23:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-22809

Mitre link : CVE-2022-22809

CVE.ORG link : CVE-2022-22809

JSON object : View

Products Affected

schneider-electric

wiser_for_knx_firmware
spacelynk_firmware
wiser_for_knx
fellerlynk_firmware
spacelynk
fellerlynk

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2022-22809", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-02-09T23:15:19.293", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04", "tags": ["Patch", "Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)"}, {"lang": "es", "value": "Una CWE-306: Se presenta una vulnerabilidad de Falta de Autenticaci\u00f3n para la Funci\u00f3n Cr\u00edtica que podr\u00eda permitir una modificaci\u00f3n de las configuraciones t\u00e1ctiles de forma no autorizada cuando un atacante intenta modificar las configuraciones t\u00e1ctiles. Producto afectado: spaceLYnk (versiones V2.6.2 y anteriores), Wiser for KNX (anteriormente homeLYnk) (versiones V2.6.2 y anteriores), fellerLYnk (versiones V2.6.2 y anteriores)"}], "lastModified": "2023-02-22T17:54:36.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:spacelynk_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64C0D5C8-3559-4591-8F88-A9D6E3DFA9E4", "versionEndIncluding": "2.6.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:spacelynk:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F7B2FBBD-C461-47EF-A912-E445C063DED9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:wiser_for_knx_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD308EE6-41C3-4D93-A2A5-9D7EFF3A8413", "versionEndIncluding": "2.6.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:wiser_for_knx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EAF53585-8B87-4609-991E-30B56B601DEA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:fellerlynk_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89174639-40D3-4A31-8357-7C497BCF2895", "versionEndIncluding": "2.6.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:fellerlynk:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FC947F97-7E49-475F-84E6-29D7A6DF50CB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}