Details of VAR-202201-0170

ID

VAR-202201-0170

CVE

CVE-2021-44564

TITLE

plural SYNC Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-017713

DESCRIPTION

A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products). plural SYNC There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Kalkitech Sync Products is a range of substation gateways from the Indian company Kalkitech

Trust: 2.25

sources: NVD: CVE-2021-44564 // JVNDB: JVNDB-2021-017713 // CNVD: CNVD-2022-09797 // VULMON: CVE-2021-44564

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-09797

AFFECTED PRODUCTS

vendor:	kalkitech	model:	sync3000-m3	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync2000-m2	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync2111-m2	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync221-m1	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync241-m2	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync241-m4	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync2000-m1	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync2101-m8	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync3000-m2	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync3000-m4	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync261-m1	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync2101-m7	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync2101-m2	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync2000-m4	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync3000-m1	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync2101-m1	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync3000-m12	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync2111-m3	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync2101-m6	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalkitech	model:	sync241-m1	scope:	lte	version:	4.15.3	Trust: 1.0
vendor:	kalki communication pvt	model:	sync241-m1	scope:	-	version:	-	Trust: 0.8
vendor:	kalki communication pvt	model:	sync2000-m4	scope:	-	version:	-	Trust: 0.8
vendor:	kalki communication pvt	model:	sync2000-m1	scope:	-	version:	-	Trust: 0.8
vendor:	kalki communication pvt	model:	sync241-m4	scope:	-	version:	-	Trust: 0.8
vendor:	kalki communication pvt	model:	sync2101-m1	scope:	-	version:	-	Trust: 0.8
vendor:	kalki communication pvt	model:	sync2101-m6	scope:	-	version:	-	Trust: 0.8
vendor:	kalki communication pvt	model:	sync241-m2	scope:	-	version:	-	Trust: 0.8
vendor:	kalki communication pvt	model:	sync2000-m2	scope:	-	version:	-	Trust: 0.8
vendor:	kalki communication pvt	model:	sync2101-m2	scope:	-	version:	-	Trust: 0.8
vendor:	kalki communication pvt	model:	sync261-m1	scope:	-	version:	-	Trust: 0.8
vendor:	kalkitech	model:	sync products	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-09797 // JVNDB: JVNDB-2021-017713 // NVD: CVE-2021-44564

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-44564
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-44564
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-09797
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202201-425
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-44564
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-09797
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-44564
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-44564
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-09797 // JVNDB: JVNDB-2021-017713 // CNNVD: CNNVD-202201-425 // NVD: CVE-2021-44564

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017713 // NVD: CVE-2021-44564

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-425

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202201-425

PATCH

title:	CYB/2021/33631 Kalkitech	url:	https://kalkitech.com/wp-content/uploads/2022/01/CYB_33631_Advisory.pdf	Trust: 0.8
title:	Patch for Kalkitech Sync Products Encryption Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/318996	Trust: 0.6
title:	Kalkitech Sync Products Fixes for encryption problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178023	Trust: 0.6

sources: CNVD: CNVD-2022-09797 // JVNDB: JVNDB-2021-017713 // CNNVD: CNNVD-202201-425

EXTERNAL IDS

db:	NVD	id:	CVE-2021-44564	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-017713	Trust: 0.8
db:	CNVD	id:	CNVD-2022-09797	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-425	Trust: 0.6
db:	VULMON	id:	CVE-2021-44564	Trust: 0.1

sources: CNVD: CNVD-2022-09797 // VULMON: CVE-2021-44564 // JVNDB: JVNDB-2021-017713 // CNNVD: CNNVD-202201-425 // NVD: CVE-2021-44564

REFERENCES

url:	https://kalkitech.com/wp-content/uploads/cyb_33631_advisory.pdf	Trust: 2.3
url:	https://www.kalkitech.com/cybersecurity/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44564	Trust: 1.4
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-09797 // VULMON: CVE-2021-44564 // JVNDB: JVNDB-2021-017713 // CNNVD: CNNVD-202201-425 // NVD: CVE-2021-44564

SOURCES

db:	CNVD	id:	CNVD-2022-09797
db:	VULMON	id:	CVE-2021-44564
db:	JVNDB	id:	JVNDB-2021-017713
db:	CNNVD	id:	CNNVD-202201-425
db:	NVD	id:	CVE-2021-44564

LAST UPDATE DATE

2024-11-23T22:50:58.181000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-09797	date:	2022-02-12T00:00:00
db:	VULMON	id:	CVE-2021-44564	date:	2022-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-017713	date:	2023-02-01T07:27:00
db:	CNNVD	id:	CNNVD-202201-425	date:	2022-01-17T00:00:00
db:	NVD	id:	CVE-2021-44564	date:	2024-11-21T06:31:13.317

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-09797	date:	2022-02-12T00:00:00
db:	VULMON	id:	CVE-2021-44564	date:	2022-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-017713	date:	2023-02-01T00:00:00
db:	CNNVD	id:	CNNVD-202201-425	date:	2022-01-06T00:00:00
db:	NVD	id:	CVE-2021-44564	date:	2022-01-06T12:15:08.190