CVE-2021-22806

CWE-6693 documents3 sources
Severity
7.5HIGH
EPSS
0.4%
top 40.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Schneider-electric Fellerlynk FirmwareSchneider-electric Spacelynk FirmwareSchneider-electric Wiser FOR KNX Firmware
Timeline
PublishedFeb 11
Latest updateFeb 12

Description

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Patches

Patch: download.schneider-electric.comPatch: download.schneider-electric.com

🔴Vulnerability Details

2
GHSA
GHSA-565q-5jqq-h2wg: A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing2022-02-12
CVEList
CVE-2021-22806: A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing2022-02-11
CVE-2021-22806 (HIGH CVSS 7.5) | A CWE-669: Incorrect Resource Trans | cvebase.io