Search criteria
1 vulnerability found for sync2101-m1 by kalkitech
VAR-202201-0170
Vulnerability from variot - Updated: 2024-11-23 22:50A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products). plural SYNC There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Kalkitech Sync Products is a range of substation gateways from the Indian company Kalkitech
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0170",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sync3000-m3",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync2000-m2",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync2111-m2",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync221-m1",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync241-m2",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync241-m4",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync2000-m1",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync2101-m8",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync3000-m2",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync3000-m4",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync261-m1",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync2101-m7",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync2101-m2",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync2000-m4",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync3000-m1",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync2101-m1",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync3000-m12",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync2111-m3",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync2101-m6",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync241-m1",
"scope": "lte",
"trust": 1.0,
"vendor": "kalkitech",
"version": "4.15.3"
},
{
"model": "sync241-m1",
"scope": null,
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": null
},
{
"model": "sync2000-m4",
"scope": null,
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": null
},
{
"model": "sync2000-m1",
"scope": null,
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": null
},
{
"model": "sync241-m4",
"scope": null,
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": null
},
{
"model": "sync2101-m1",
"scope": null,
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": null
},
{
"model": "sync2101-m6",
"scope": null,
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": null
},
{
"model": "sync241-m2",
"scope": null,
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": null
},
{
"model": "sync2000-m2",
"scope": null,
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": null
},
{
"model": "sync2101-m2",
"scope": null,
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": null
},
{
"model": "sync261-m1",
"scope": null,
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": null
},
{
"model": "sync products",
"scope": null,
"trust": 0.6,
"vendor": "kalkitech",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09797"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017713"
},
{
"db": "NVD",
"id": "CVE-2021-44564"
}
]
},
"cve": "CVE-2021-44564",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-44564",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-09797",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-44564",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-44564",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44564",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-44564",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-09797",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-425",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09797"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017713"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-425"
},
{
"db": "NVD",
"id": "CVE-2021-44564"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products). plural SYNC There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Kalkitech Sync Products is a range of substation gateways from the Indian company Kalkitech",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44564"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017713"
},
{
"db": "CNVD",
"id": "CNVD-2022-09797"
},
{
"db": "VULMON",
"id": "CVE-2021-44564"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44564",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017713",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-09797",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-425",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-44564",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09797"
},
{
"db": "VULMON",
"id": "CVE-2021-44564"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017713"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-425"
},
{
"db": "NVD",
"id": "CVE-2021-44564"
}
]
},
"id": "VAR-202201-0170",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09797"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09797"
}
]
},
"last_update_date": "2024-11-23T22:50:58.181000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CYB/2021/33631 Kalkitech",
"trust": 0.8,
"url": "https://kalkitech.com/wp-content/uploads/2022/01/CYB_33631_Advisory.pdf"
},
{
"title": "Patch for Kalkitech Sync Products Encryption Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/318996"
},
{
"title": "Kalkitech Sync Products Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178023"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09797"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017713"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-425"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017713"
},
{
"db": "NVD",
"id": "CVE-2021-44564"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://kalkitech.com/wp-content/uploads/cyb_33631_advisory.pdf"
},
{
"trust": 1.7,
"url": "https://www.kalkitech.com/cybersecurity/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44564"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09797"
},
{
"db": "VULMON",
"id": "CVE-2021-44564"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017713"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-425"
},
{
"db": "NVD",
"id": "CVE-2021-44564"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-09797"
},
{
"db": "VULMON",
"id": "CVE-2021-44564"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017713"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-425"
},
{
"db": "NVD",
"id": "CVE-2021-44564"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-09797"
},
{
"date": "2022-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44564"
},
{
"date": "2023-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017713"
},
{
"date": "2022-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-425"
},
{
"date": "2022-01-06T12:15:08.190000",
"db": "NVD",
"id": "CVE-2021-44564"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-09797"
},
{
"date": "2022-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44564"
},
{
"date": "2023-02-01T07:27:00",
"db": "JVNDB",
"id": "JVNDB-2021-017713"
},
{
"date": "2022-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-425"
},
{
"date": "2024-11-21T06:31:13.317000",
"db": "NVD",
"id": "CVE-2021-44564"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-425"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SYNC\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017713"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-425"
}
],
"trust": 0.6
}
}