History: Jun 30, 2021 - 2:15 p.m.

CVE-2021-20107

2021-06-30 14:15:08
CWE-306
Source: web.nvd.nist.gov
Tags: cve-2021-20107, unauthenticated ble interface, sloan smartfaucets, sloan flushometers, bluetooth low energy, information disclosure, water flow control, sensor sensitivity, maintenance information

CVSS2: 4.8 Medium
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N

CVSS3: 5.4 Medium
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score: 5.3 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 35.3%)

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low Energy (BLE) connectivity to read and write to many BLE characteristics on the device. Some of these control the flow of water, the sensitivity of the sensors, and information about maintenance.

Affected configurations

NVD

Node: sloan optima_eaf-100 (Match: -) AND sloan optima_eaf-100_firmware (Match: -)
Node: sloan optima_eaf-150 (Match: -) AND sloan optima_eaf-150_firmware (Match: -)
Node: sloan optima_eaf-200 (Match: -) AND sloan optima_eaf-200_firmware (Match: -)
Node: sloan optima_eaf-225 (Match: -) AND sloan optima_eaf-225_firmware (Match: -)
Node: sloan optima_eaf-250 (Match: -) AND sloan optima_eaf-250_firmware (Match: -)
Node: sloan optima_eaf-275 (Match: -) AND sloan optima_eaf-275_firmware (Match: -)
Node: sloan optima_eaf-350 (Match: -) AND sloan optima_eaf-350_firmware (Match: -)
Node: sloan optima_eaf-700 (Match: -) AND sloan optima_eaf-700_firmware (Match: -)
Node: sloan optima_eaf-750_firmware (Match: -) AND sloan optima_eaf-750 (Match: -)
Node: sloan optima_ebf-187_firmware (Match: -) AND sloan optima_ebf-187 (Match: -)
Node: sloan optima_ebf-415_firmware (Match: -) AND sloan optima_ebf-415 (Match: -)
Node: sloan optima_ebf-425_firmware (Match: -) AND sloan optima_ebf-425 (Match: -)
Node: sloan optima_ebf-550_firmware (Match: -) AND sloan optima_ebf-550 (Match: -)
Node: sloan optima_ebf-615_firmware (Match: -) AND sloan optima_ebf-615 (Match: -)
Node: sloan optima_ebf-650_firmware (Match: -) AND sloan optima_ebf-650 (Match: -)
Node: sloan optima_ebf-665_firmware (Match: -) AND sloan optima_ebf-665 (Match: -)
Node: sloan optima_ebf-750_firmware (Match: -) AND sloan optima_ebf-750 (Match: -)
Node: sloan optima_ebf-775_firmware (Match: -) AND sloan optima_ebf-775 (Match: -)
Node: sloan optima_ebf-85_firmware (Match: -) AND sloan optima_ebf-85 (Match: -)
Node: sloan optima_ebf-850_firmware (Match: -) AND sloan optima_ebf-850 (Match: -)
Node: sloan optima_etf-610_firmware (Match: -) AND sloan optima_etf-610 (Match: -)
Node: sloan optima_etf-600_firmware (Match: -) AND sloan optima_etf-600 (Match: -)
Node: sloan optima_etf-410_firmware (Match: -) AND sloan optima_etf-410 (Match: -)
Node: sloan optima_etf-420_firmware (Match: -) AND sloan optima_etf-420 (Match: -)
Node: sloan optima_etf-500_firmware (Match: -) AND sloan optima_etf-500 (Match: -)
Node: sloan optima_etf-660_firmware (Match: -) AND sloan optima_etf-660 (Match: -)
Node: sloan optima_etf-700_firmware (Match: -) AND sloan optima_etf-700 (Match: -)
Node: sloan optima_etf-770_firmware (Match: -) AND sloan optima_etf-770 (Match: -)
Node: sloan optima_etf-80_firmware (Match: -) AND sloan optima_etf-80 (Match: -)
Node: sloan optima_etf-800_firmware (Match: -) AND sloan optima_etf-800 (Match: -)
Node: sloan optima_etf-880_firmware (Match: -) AND sloan optima_etf-880 (Match: -)
Node: sloan basys_efx-300_firmware (Match: -) AND sloan basys_efx-300 (Match: -)
Node: sloan basys_efx-350_firmware (Match: -) AND sloan basys_efx-350 (Match: -)
Node: sloan basys_efx-375_firmware (Match: -) AND sloan basys_efx-375 (Match: -)
Node: sloan basys_efx-377_firmware (Match: -) AND sloan basys_efx-377 (Match: -)
Node: sloan basys_efx-380_firmware (Match: -) AND sloan basys_efx-380 (Match: -)
Node: sloan basys_efx-600_firmware (Match: -) AND sloan basys_efx-600 (Match: -)
Node: sloan basys_efx-650_firmware (Match: -) AND sloan basys_efx-650 (Match: -)
Node: sloan basys_efx-675_firmware (Match: -) AND sloan basys_efx-675 (Match: -)
Node: sloan basys_efx-677_firmware (Match: -) AND sloan basys_efx-677 (Match: -)
Node: sloan basys_efx-680_firmware (Match: -) AND sloan basys_efx-680 (Match: -)
Node: sloan basys_efx-200_firmware (Match: -) AND sloan basys_efx-200 (Match: -)
Node: sloan basys_efx-250_firmware (Match: -) AND sloan basys_efx-250 (Match: -)
Node: sloan basys_efx-275_firmware (Match: -) AND sloan basys_efx-275 (Match: -)
Node: sloan basys_efx-277_firmware (Match: -) AND sloan basys_efx-277 (Match: -)
Node: sloan basys_efx-280_firmware (Match: -) AND sloan basys_efx-280 (Match: -)
Node: sloan basys_efx-100_firmware (Match: -) AND sloan basys_efx-100 (Match: -)
Node: sloan basys_efx-150_firmware (Match: -) AND sloan basys_efx-150 (Match: -)
Node: sloan basys_efx-175_firmware (Match: -) AND sloan basys_efx-175 (Match: -)
Node: sloan basys_efx-177_firmware (Match: -) AND sloan basys_efx-177 (Match: -)
Node: sloan basys_efx-180_firmware (Match: -) AND sloan basys_efx-180 (Match: -)
Node: sloan basys_efx-800_firmware (Match: -) AND sloan basys_efx-800 (Match: -)
Node: sloan basys_efx-850_firmware (Match: -) AND sloan basys_efx-850 (Match: -)
Node: sloan solis_8111_firmware (Match: -) AND sloan solis_8111 (Match: -)
Node: sloan solis_8186_firmware (Match: -) AND sloan solis_8186 (Match: -)
Node: sloan solis_ress-c_firmware (Match: -) AND sloan solis_ress-c (Match: -)
Node: sloan solis_ress-u_firmware (Match: -) AND sloan solis_ress-u (Match: -)
Node: sloan solis_8152_firmware (Match: -) AND sloan solis_8152 (Match: -)
Node: sloan solis_8195_firmware (Match: -) AND sloan solis_8195 (Match: -)
Node: sloan solis_8115_firmware (Match: -) AND sloan solis_8115 (Match: -)
Node: sloan solis_8110_firmware (Match: -) AND sloan solis_8110 (Match: -)
Node: sloan solis_8180_firmware (Match: -) AND sloan solis_8180 (Match: -)
Node: sloan solis_8113_firmware (Match: -) AND sloan solis_8113 (Match: -)
Node: sloan solis_8137_firmware (Match: -) AND sloan solis_8137 (Match: -)
Node: sloan solis_bpw_8000_firmware (Match: -) AND sloan solis_bpw_8000 (Match: -)
Node: sloan solis_8116_firmware (Match: -) AND sloan solis_8116 (Match: -)
Node: sloan solis_8111_bt_firmware (Match: -) AND sloan solis_8111_bt (Match: -)
Node: sloan solis_8153_firmware (Match: -) AND sloan solis_8153 (Match: -)
Node: sloan solis_8186_bt_firmware (Match: -) AND sloan solis_8186_bt (Match: -)
Node: sloan solis_ress-c_bt_firmware (Match: -) AND sloan solis_ress-c_bt (Match: -)
Node: sloan solis_ress-u_bt_firmware (Match: -) AND sloan solis_ress-u_bt (Match: -)

CNA Affected

[
  {
    "product": "SLOAN",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All known versions"
      }
    ]
  }
]
