Vulnerabilites related to enbra - ewm
Vulnerability from fkie_nvd
Published
2021-09-16 13:15
Modified
2024-11-21 06:10
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://www.fit.vutbr.cz/~polcak/CVE-2021-34572.en | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fit.vutbr.cz/~polcak/CVE-2021-34572.en | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:enbra:ewm:1.7.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C983990C-D1DE-42C2-B6A2-8D9BD0B5A4FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data."
},
{
"lang": "es",
"value": "Enbra EWM versi\u00f3n 1.7.29, no comprueba ni detecta los ataques de repetici\u00f3n enviados por los dispositivos inal\u00e1mbricos M-Bus Security mode 5. En su lugar, las marcas de tiempo del sensor se sustituyen por la hora de la lectura, incluso si los datos son una repetici\u00f3n de datos anteriores"
}
],
"id": "CVE-2021-34572",
"lastModified": "2024-11-21T06:10:43.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-16T13:15:14.310",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34572.en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34572.en"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-16 13:15
Modified
2024-11-21 06:10
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:enbra:ewm:1.7.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C983990C-D1DE-42C2-B6A2-8D9BD0B5A4FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM."
},
{
"lang": "es",
"value": "M\u00faltiples dispositivos M-Bus inal\u00e1mbricos de Enbra, usan Credenciales Embebidas en Security mode 5 sin una opci\u00f3n para cambiar la clave de cifrado. Un adversario puede aprender toda la informaci\u00f3n disponible en Enbra EWM"
}
],
"id": "CVE-2021-34571",
"lastModified": "2024-11-21T06:10:43.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-16T13:15:14.200",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-16 13:15
Modified
2024-11-21 06:10
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://www.fit.vutbr.cz/~polcak/CVE-2021-34573.en | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fit.vutbr.cz/~polcak/CVE-2021-34573.en | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:enbra:ewm:1.7.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C983990C-D1DE-42C2-B6A2-8D9BD0B5A4FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and \"no flow\" are not reconized or misinterpreted. This may lead to wrong values and missing events."
},
{
"lang": "es",
"value": "En Enbra EWM versi\u00f3n 1.7.29, junto con varios sensores inal\u00e1mbricos M-Bus probados, los eventos backflow y \"no flow\" no son reconocidos o son interpretados err\u00f3neamente. Esto puede conllevar a valores err\u00f3neos y eventos perdidos"
}
],
"id": "CVE-2021-34573",
"lastModified": "2024-11-21T06:10:43.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-16T13:15:14.557",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34573.en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34573.en"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-682"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
CVE-2021-34572 (GCVE-0-2021-34572)
Vulnerability from cvelistv5
Published
2021-09-16 12:20
Modified
2024-09-16 17:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Summary
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Enbra | EWM 1.7.29 |
Version: 03.11.2019 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34572.en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EWM 1.7.29",
"vendor": "Enbra",
"versions": [
{
"status": "affected",
"version": "03.11.2019"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-16T12:20:16",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34572.en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient Verification of Data Authenticity in Enbra EWM (replay attack)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-34572",
"STATE": "PUBLIC",
"TITLE": "Insufficient Verification of Data Authenticity in Enbra EWM (replay attack)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EWM 1.7.29",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "03.11.2019"
}
]
}
}
]
},
"vendor_name": "Enbra"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345 Insufficient Verification of Data Authenticity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34572.en",
"refsource": "CONFIRM",
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34572.en"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34572",
"datePublished": "2021-09-16T12:20:16.725908Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T17:23:17.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34573 (GCVE-0-2021-34573)
Vulnerability from cvelistv5
Published
2021-09-16 12:20
Modified
2024-09-17 02:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-682 - Incorrect Calculation
Summary
In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Enbra | AT-WMBUS-16-2 |
Version: all |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34573.en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AT-WMBUS-16-2",
"vendor": "Enbra",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ER-AM DN 15",
"vendor": "Enbra",
"versions": [
{
"status": "affected",
"version": "ER-AM DN 15/SV all"
},
{
"status": "affected",
"version": "ER-AM DN 15/TV all"
}
]
},
{
"product": "EWM 1.7.29",
"vendor": "Enbra",
"versions": [
{
"status": "affected",
"version": "03.11.2019"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and \"no flow\" are not reconized or misinterpreted. This may lead to wrong values and missing events."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-16T12:20:18",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34573.en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect calculation in Enbra EWM does not report backflows or no flow events",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-34573",
"STATE": "PUBLIC",
"TITLE": "Incorrect calculation in Enbra EWM does not report backflows or no flow events"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AT-WMBUS-16-2",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
},
{
"product_name": "ER-AM DN 15",
"version": {
"version_data": [
{
"version_name": "ER-AM DN 15/SV",
"version_value": "all"
},
{
"version_name": "ER-AM DN 15/TV",
"version_value": "all"
}
]
}
},
{
"product_name": "EWM 1.7.29",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "03.11.2019"
}
]
}
}
]
},
"vendor_name": "Enbra"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and \"no flow\" are not reconized or misinterpreted. This may lead to wrong values and missing events."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-682 Incorrect Calculation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34573.en",
"refsource": "CONFIRM",
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34573.en"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34573",
"datePublished": "2021-09-16T12:20:18.226237Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-17T02:21:48.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34571 (GCVE-0-2021-34571)
Vulnerability from cvelistv5
Published
2021-09-16 12:20
Modified
2024-09-16 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Enbra | AT-WMBUS-16-2 | ||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AT-WMBUS-16-2",
"vendor": "Enbra",
"versions": [
{
"status": "unknown",
"version": "all"
}
]
},
{
"product": "ER-AM DN 15",
"vendor": "Enbra",
"versions": [
{
"status": "unknown",
"version": "ER-AM DN 15/SV all"
},
{
"status": "unknown",
"version": "ER-AM DN 15/TV all"
}
]
},
{
"product": "EWM 1.7.29",
"vendor": "Enbra",
"versions": [
{
"status": "affected",
"version": "03.11.2019"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-16T12:20:15",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hard-coded Credentials in Enbra Wireless M-Bus devices",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-34571",
"STATE": "PUBLIC",
"TITLE": "Hard-coded Credentials in Enbra Wireless M-Bus devices"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AT-WMBUS-16-2",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "all"
}
]
}
},
{
"product_name": "ER-AM DN 15",
"version": {
"version_data": [
{
"version_affected": "?",
"version_name": "ER-AM DN 15/SV",
"version_value": "all"
},
{
"version_affected": "?",
"version_name": "ER-AM DN 15/TV",
"version_value": "all"
}
]
}
},
{
"product_name": "EWM 1.7.29",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "03.11.2019"
}
]
}
}
]
},
"vendor_name": "Enbra"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en",
"refsource": "CONFIRM",
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34571",
"datePublished": "2021-09-16T12:20:15.225232Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T16:13:55.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}