Vulnerability Details: CVE-2021-22734

Summary
Assigner: schneider
Assigner Org ID: 076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At: 26 May, 2021 | 19:19
Updated At: 03 Aug, 2024 | 18:51

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)

Affected Products
Vendor: n/a
Product: homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior
Versions (Affected):
  • homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior
Problem Types
Type: CWE
CWE ID: CWE-347
Description: CWE-347: Improper Verification of Cryptographic Signature
References
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04
Resource: x_refsource_MISC
Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04
Resource: x_refsource_MISC, x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source: cybersecurity@se.com
Published At: 26 May, 2021 | 20:15
Updated At: 04 Jun, 2021 | 14:17

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches

Schneider Electric SE (schneider-electric)
  • spacelynk_firmware (versions up to 2.6.0, inclusive): cpe:2.3:o:schneider-electric:spacelynk_firmware:*:*:*:*:*:*:*:*
  • spacelynk (version: -): cpe:2.3:h:schneider-electric:spacelynk:-:*:*:*:*:*:*:*
  • homelynk_firmware (versions up to 2.6.0, inclusive): cpe:2.3:o:schneider-electric:homelynk_firmware:*:*:*:*:*:*:*:*
  • homelynk (version: -): cpe:2.3:h:schneider-electric:homelynk:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-347
Type: Primary
Source: cybersecurity@se.com
References
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04
Source: cybersecurity@se.com
Resource: Vendor Advisory

Similar CVEs

65 records found

CVE-2021-32977
Matching Score: 4
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score: 7.2 | HIGH
EPSS: 0.09% / 26.20%
7 Day CHG: ~0.00%
Published: 04 Apr, 2022 | 19:45
Updated: 16 Apr, 2025 | 17:57
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
AVEVA System Platform Improper Verification of Cryptographic Signature

AVEVA System Platform versions 2017 through 2020 R2 P01 do not verify, or incorrectly verify, the cryptographic signature for data.

Action: Not Available
Vendor: AVEVA
Product: system_platform; AVEVA System Platform
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2021-3196
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 8.8 | HIGH
EPSS: 0.34% / 56.50%
7 Day CHG: ~0.00%
Published: 09 Jun, 2021 | 14:10
Updated: 03 Aug, 2024 | 16:45
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.

Action: Not Available
Vendor: n/a; Hitachi, Ltd.
Product: id_bravura_security_fabric; n/a
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2025-7937
Matching Score: 4
Assigner: Super Micro Computer, Inc.
CVSS Score: 7.2 | HIGH
EPSS: 0.04% / 13.38%
7 Day CHG: +0.01%
Published: 19 Sep, 2025 | 02:09
Updated: 26 Feb, 2026 | 17:48
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Supermicro BMC firmware update validation bypass

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW. An attacker can update the system firmware with a specially crafted image.

Action: Not Available
Vendor: SMCI
Product: MBD-X12STW
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2025-41767
Matching Score: 4
Assigner: CERT@VDE
CVSS Score: 7.2 | HIGH
EPSS: 0.04% / 10.77%
7 Day CHG: ~0.00%
Published: 09 Mar, 2026 | 08:18
Updated: 11 Mar, 2026 | 18:27
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Signature bypass on update upload

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.

Action: Not Available
Vendor: mbs-solutions; MBS
Product: ubr-02; ubr-lon; universal_bacnet_router_firmware; ubr-01_mk_ii; UBR-01 Mk II; UBR-LON; UBR-02
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2020-26122
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 7.2 | HIGH
EPSS: 0.64% / 70.54%
7 Day CHG: ~0.00%
Published: 07 Dec, 2020 | 15:34
Updated: 04 Aug, 2024 | 15:49
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of the INSPUR server is weak in checking the firmware and lacks a signature verification mechanism; an attacker who obtains administrator rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC.

Action: Not Available
Vendor: inspur; n/a
Product: ns5162m5; nf5486m5_firmware; nf8480m5_firmware; nf5488m5-d_firmware; nf5180m5_firmware; nf5270m5_firmware; nf5466m5; nf5488m5-d; nf5180m5; nf8260m5; nf5280m5_firmware; ns5162m5_firmware; nf8260m5_firmware; nf5270m5; nf8480m5; ns5488m5_firmware; nf5466m5_firmware; ns5488m5; nf5266m5_firmware; ns5484m5_firmware; nf5260m5_firmware; ns5482m5; ns5482m5_firmware; nf5266m5; ns5484m5; nf5468m5; nf5468m5_firmware; nf5486m5; nf5280m5; nf5260m5; n/a
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2025-6198
Matching Score: 4
Assigner: Super Micro Computer, Inc.
CVSS Score: 7.2 | HIGH
EPSS: 0.04% / 13.38%
7 Day CHG: +0.01%
Published: 19 Sep, 2025 | 01:45
Updated: 26 Feb, 2026 | 17:48
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Supermicro BMC firmware update validation bypass

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image.

Action: Not Available
Vendor: SMCI
Product: X13SEM-F
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2025-52550
Matching Score: 4
Assigner: dd59f033-460c-4b88-a075-d4d3fedb6191
CVSS Score: 8.6 | HIGH
EPSS: 0.03% / 10.10%
7 Day CHG: ~0.00%
Published: 02 Sep, 2025 | 11:26
Updated: 01 Oct, 2025 | 18:20
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Firmware upgrade packages are unsigned

E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade.

Action: Not Available
Vendor: copeland; Copeland LP
Product: site_supervisor_sf_860-1200; site_supervisor_rxe_860-1225; site_supervisor_rx_860-1220; site_supervisor_cx_860-1260; site_supervisor_bx_860-1240; site_supervisor_cxe_860-1265; e3_supervisory_controller_firmware; site_supervisor_bxe_860-1245; E3 Supervisory Control
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2024-10237
Matching Score: 4
Assigner: Super Micro Computer, Inc.
CVSS Score: 7.2 | HIGH
EPSS: 0.02% / 3.89%
7 Day CHG: ~0.00%
Published: 04 Feb, 2025 | 07:59
Updated: 15 Apr, 2026 | 00:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
SMC BMC Firmware Image Authentication Design Issue

There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process.

Action: Not Available
Vendor: SMCI
Product: MBD-X12DPG-OA6
CWE ID: CWE-345 (Insufficient Verification of Data Authenticity)
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2023-5747
Matching Score: 4
Assigner: Hanwha Vision Co., Ltd.
CVSS Score: 7.2 | HIGH
EPSS: 0.34% / 56.87%
7 Day CHG: ~0.00%
Published: 13 Nov, 2023 | 07:48
Updated: 02 Aug, 2024 | 08:07
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Command injection via wave install file

Bashis, a Security Researcher at IPVM, has found a flaw that allows for remote code execution during the installation of Wave on the camera device. The Wave server application in the camera device was vulnerable to command injection, allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution.

Action: Not Available
Vendor: hanwhavision; Hanwha Vision Co., Ltd.
Product: pno-a6081r-e1t; wave_server_software; pno-a6081r-e1t_firmware; pno-a6081r-e2t; pno-a6081r-e2t_firmware; PNV-A6081R
CWE ID: CWE-345 (Insufficient Verification of Data Authenticity)
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2019-3465
Matching Score: 4
Assigner: Debian GNU/Linux
CVSS Score: 8.8 | HIGH
EPSS: 1.87% / 83.14%
7 Day CHG: ~0.00%
Published: 07 Nov, 2019 | 19:12
Updated: 04 Aug, 2024 | 19:12
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.

Action: Not Available
Vendor: simplesamlphp; xmlseclibs_project; n/a; Debian GNU/Linux
Product: simplesamlphp; xmlseclibs; debian_linux; Rob Richards XmlSecLibs
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2023-23773
Matching Score: 4
Assigner: National Cyber Security Centre Netherlands (NCSC-NL)
CVSS Score: 7.2 | HIGH
EPSS: 0.03% / 8.04%
7 Day CHG: ~0.00%
Published: 29 Aug, 2023 | 08:49
Updated: 01 Oct, 2024 | 20:39
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

Action: Not Available
Vendor: Motorola Mobility LLC. (Lenovo Group Limited)
Product: mbts_base_radio; mbts_base_radio_firmware; ebts_base_radio; ebts_base_radio_firmware; EBTS/MBTS Base Radio; ebts_mbts_base_radio
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2023-23772
Matching Score: 4
Assigner: National Cyber Security Centre Netherlands (NCSC-NL)
CVSS Score: 7.2 | HIGH
EPSS: 0.03% / 8.04%
7 Day CHG: ~0.00%
Published: 29 Aug, 2023 | 08:48
Updated: 02 Oct, 2024 | 14:00
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

Action: Not Available
Vendor: Motorola Mobility LLC. (Lenovo Group Limited)
Product: mbts_site_controller_firmware; mbts_site_controller; MBTS Site Controller; mbts_site_controller
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2023-20266
Matching Score: 4
Assigner: Cisco Systems, Inc.
CVSS Score: 6.5 | MEDIUM
EPSS: 0.06% / 18.01%
7 Day CHG: ~0.00%
Published: 30 Aug, 2023 | 16:18
Updated: 01 Jul, 2025 | 13:45
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device.

Action: Not Available
Vendor: Cisco Systems, Inc.
Product: unified_communications_manager; unity_connection; emergency_responder; Cisco Emergency Responder; Cisco Unified Communications Manager; Cisco Unity Connection
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)
CWE ID: CWE-269 (Improper Privilege Management)

CVE-2025-20178
Matching Score: 4
Assigner: Cisco Systems, Inc.
CVSS Score: 6 | MEDIUM
EPSS: 0.13% / 32.32%
7 Day CHG: ~0.00%
Published: 16 Apr, 2025 | 16:07
Updated: 26 Feb, 2026 | 18:28
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Cisco Secure Network Analytics Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root.

Action: Not Available
Vendor: Cisco Systems, Inc.
Product: secure_network_analytics; Cisco Secure Network Analytics
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)

CVE-2021-29108
Matching Score: 4
Assigner: Environmental Systems Research Institute, Inc.
CVSS Score: 8.8 | HIGH
EPSS: 0.29% / 52.64%
7 Day CHG: ~0.00%
Published: 01 Oct, 2021 | 14:41
Updated: 10 Apr, 2025 | 14:59
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below.

There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In addition to patching, Esri also strongly recommends as best practice that SAML assertions be signed and encrypted.

Action: Not Available
Vendor: Environmental Systems Research Institute, Inc. ("Esri")
Product: portal_for_arcgis; Portal for ArcGIS
CWE ID: CWE-347 (Improper Verification of Cryptographic Signature)