Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2021-06-25 19:15

Modified

2024-11-21 06:09

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability.

References

▶	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En los dispositivos WLAN industriales de Weidmueller en m\u00faltiples versiones existe una vulnerabilidad de inyecci\u00f3n de comandos explotable en la funcionalidad de nombre de host. Una entrada especialmente dise\u00f1ada para la informaci\u00f3n de configuraci\u00f3n de la red puede causar la ejecuci\u00f3n de comandos arbitrarios del sistema, lo que resulta en el control total del dispositivo. Un atacante puede enviar varias peticiones mientras est\u00e1 autenticado como usuario con altos privilegios para activar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-33534",
  "lastModified": "2024-11-21T06:09:01.707",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:09.297",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-25 19:15

Modified

2024-11-21 06:09

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

▶	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad de inyecci\u00f3n de comandos explotable en la funcionalidad iw_webs. Un par\u00e1metro iw_serverip especialmente dise\u00f1ado puede causar a una entrada del usuario sea reflejada en una llamada subsiguiente de iw_system, resultando en un control remoto sobre el dispositivo. Un atacante puede enviar comandos mientras est\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-33533",
  "lastModified": "2024-11-21T06:09:01.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:09.227",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-25 19:15

Modified

2024-11-21 06:09

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

▶	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad explotable de control de acceso inapropiado en la funcionalidad account settings iw_webs. Una entrada de nombre de usuario especialmente dise\u00f1ada puede causar la sobreescritura de una contrase\u00f1a de cuenta de usuario existente, resultando en un acceso de shell remoto al dispositivo como ese usuario. Un atacante puede enviar comandos mientras est\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-33538",
  "lastModified": "2024-11-21T06:09:02.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:09.570",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-25 19:15

Modified

2024-11-21 06:09

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device.

References

▶	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, el uso de claves criptogr\u00e1ficas embebidas en el binario del agente de servicio permite el descifrado del tr\u00e1fico capturado a trav\u00e9s de la red desde o hacia el dispositivo"
    }
  ],
  "id": "CVE-2021-33529",
  "lastModified": "2024-11-21T06:09:00.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:08.940",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-25 19:15

Modified

2024-11-21 06:09

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability.

References

▶	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad explotable de uso de credenciales embebidas en m\u00faltiples utilidades iw_*. El sistema operativo del dispositivo contiene una contrase\u00f1a de cifrado no documentada, permitiendo la creaci\u00f3n de scripts de diagn\u00f3stico personalizados. Un atacante puede enviar scripts de diagn\u00f3stico mientras est\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-33531",
  "lastModified": "2024-11-21T06:09:01.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:09.080",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-25 19:15

Modified

2024-11-21 06:09

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability.

References

▶	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C19C9E-99C5-4D4F-8FC6-9038B105F64A",
              "versionEndIncluding": "v1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad explotable de omisi\u00f3n de autenticaci\u00f3n en el procesamiento del nombre de host. Un nombre de host del dispositivo especialmente configurado puede causar al dispositivo interpretar el tr\u00e1fico remoto seleccionado como tr\u00e1fico local, resultando en una omisi\u00f3n de la autenticaci\u00f3n web. Un atacante puede enviar peticiones SNMP autenticadas para desencadenar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-33539",
  "lastModified": "2024-11-21T06:09:02.570",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:09.633",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-25 19:15

Modified

2024-11-21 06:09

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

▶	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad explotable de cadena de formato en la funcionalidad iw_console conio_writestr. Una entrada del servidor de tiempo especialmente dise\u00f1ada puede causar un desbordamiento de b\u00fafer del servidor de tiempo, resultando en una ejecuci\u00f3n de c\u00f3digo remota. Un atacante puede enviar comandos mientras est\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-33535",
  "lastModified": "2024-11-21T06:09:01.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:09.357",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-25 19:15

Modified

2024-11-21 06:09

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

▶	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad de escalada de privilegios explotable en la funcionalidad iw_console. Una cadena de selecci\u00f3n de men\u00fas especialmente dise\u00f1ada puede causar un escape de la consola restringida, resultando en un acceso al sistema como usuario root. Un atacante puede enviar comandos mientras est\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-33528",
  "lastModified": "2024-11-21T06:09:00.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:08.877",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-710"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-25 19:15

Modified

2024-11-21 06:09

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.

References

▶	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad de denegaci\u00f3n de servicio explotable en la funcionalidad ServiceAgent. Un paquete especialmente dise\u00f1ado puede causar un desbordamiento de enteros, desencadenando un gran memcpy que acceder\u00e1 a memoria no asignada o fuera de l\u00edmites. Un atacante puede enviar este paquete mientras no est\u00e1 autenticado para desencadenar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-33536",
  "lastModified": "2024-11-21T06:09:02.077",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:09.430",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-191"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-25 19:15

Modified

2024-11-21 06:09

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

▶	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad de inyecci\u00f3n de comandos explotable en la funcionalidad iw_webs. Un nombre de archivo de script de diagn\u00f3stico especialmente dise\u00f1ado puede causar que la entrada del usuario sea reflejada en una llamada subsiguiente de iw_system, resultando en un control remoto sobre el dispositivo. Un atacante puede enviar comandos mientras est\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-33532",
  "lastModified": "2024-11-21T06:09:01.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:09.150",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-25 19:15

Modified

2024-11-21 06:09

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.

References

▶	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad de inyecci\u00f3n de comandos explotable en la funcionalidad encrypted diagnostic script de los dispositivos. Un archivo de script de diagn\u00f3stico especialmente dise\u00f1ado puede causar que comandos arbitrarios de busybox, sean ejecutados, resultando en un control remoto sobre el dispositivo. Un atacante puede enviar el diagn\u00f3stico mientras est\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-33530",
  "lastModified": "2024-11-21T06:09:01.087",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:09.010",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-25 19:15

Modified

2024-11-21 06:09

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

▶	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota explotable en la funcionalidad configuration parsing iw_webs. Una entrada de nombre de usuario especialmente dise\u00f1ada puede causar un desbordamiento de b\u00fafer de mensaje de error, resultando en una ejecuci\u00f3n de c\u00f3digo remota. Un atacante puede enviar comandos mientras est\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-33537",
  "lastModified": "2024-11-21T06:09:02.250",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:09.503",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

CVE-2021-33531 (GCVE-0-2021-33531)

Vulnerability from cvelistv5

Published

2021-06-25 18:25

Modified

2024-09-16 23:16

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-798 - Use of Hard-coded Credentials

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability.

References

►

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Version: IE-WL-BL-AP-CL-EU (2536600000)   <
Version: IE-WLT-BL-AP-CL-EU (2536650000)   <
Version: IE-WL-BL-AP-CL-US (2536660000)   <
Version: IE-WLT-BL-AP-CL-US (2536670000)   <

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Version: IE-WL-VL-AP-BR-CL-EU (2536680000)   <
Version: IE-WLT-VL-AP-BR-CL-EU (2536690000)   <
Version: IE-WL-VL-AP-BR-CL-US (2536700000)   <
Version: IE-WLT-VL-AP-BR-CL-US (2536710000)   <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:42.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:25:56",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33531",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-798 Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33531",
    "datePublished": "2021-06-25T18:25:56.622853Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-16T23:16:36.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33538 (GCVE-0-2021-33538)

Vulnerability from cvelistv5

Published

2021-06-25 18:26

Modified

2024-09-16 23:47

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-269 - Improper Privilege Management

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

►

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Version: IE-WL-BL-AP-CL-EU (2536600000)   <
Version: IE-WLT-BL-AP-CL-EU (2536650000)   <
Version: IE-WL-BL-AP-CL-US (2536660000)   <
Version: IE-WLT-BL-AP-CL-US (2536670000)   <

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Version: IE-WL-VL-AP-BR-CL-EU (2536680000)   <
Version: IE-WLT-VL-AP-BR-CL-EU (2536690000)   <
Version: IE-WL-VL-AP-BR-CL-US (2536700000)   <
Version: IE-WLT-VL-AP-BR-CL-US (2536710000)   <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:43.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:26:02",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by improper access control vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33538",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by improper access control vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269 Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33538",
    "datePublished": "2021-06-25T18:26:02.939847Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-16T23:47:04.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33537 (GCVE-0-2021-33537)

Vulnerability from cvelistv5

Published

2021-06-25 18:26

Modified

2024-09-17 02:57

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer Overflow

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

►

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Version: IE-WL-BL-AP-CL-EU (2536600000)   <
Version: IE-WLT-BL-AP-CL-EU (2536650000)   <
Version: IE-WL-BL-AP-CL-US (2536660000)   <
Version: IE-WLT-BL-AP-CL-US (2536670000)   <

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Version: IE-WL-VL-AP-BR-CL-EU (2536680000)   <
Version: IE-WLT-VL-AP-BR-CL-EU (2536690000)   <
Version: IE-WL-VL-AP-BR-CL-US (2536700000)   <
Version: IE-WLT-VL-AP-BR-CL-US (2536710000)   <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:42.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:26:01",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by Remote Code Execution (RCE) vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33537",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by Remote Code Execution (RCE) vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-120 Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33537",
    "datePublished": "2021-06-25T18:26:01.893809Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-17T02:57:37.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33528 (GCVE-0-2021-33528)

Vulnerability from cvelistv5

Published

2021-06-25 18:25

Modified

2024-09-16 20:02

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-710 - Improper Adherence to Coding Standards

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

►

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Version: IE-WL-BL-AP-CL-EU (2536600000)   <
Version: IE-WLT-BL-AP-CL-EU (2536650000)   <
Version: IE-WL-BL-AP-CL-US (2536660000)   <
Version: IE-WLT-BL-AP-CL-US (2536670000)   <

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Version: IE-WL-VL-AP-BR-CL-EU (2536680000)   <
Version: IE-WLT-VL-AP-BR-CL-EU (2536690000)   <
Version: IE-WL-VL-AP-BR-CL-US (2536700000)   <
Version: IE-WLT-VL-AP-BR-CL-US (2536710000)   <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:43.019Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-710",
              "description": "CWE-710 Improper Adherence to Coding Standards",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:25:53",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by privilege escalation vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33528",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by privilege escalation vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-710 Improper Adherence to Coding Standards"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33528",
    "datePublished": "2021-06-25T18:25:53.966348Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-16T20:02:22.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33532 (GCVE-0-2021-33532)

Vulnerability from cvelistv5

Published

2021-06-25 18:25

Modified

2024-09-17 01:25

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - OS Command Injection

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

►

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Version: IE-WL-BL-AP-CL-EU (2536600000)   <
Version: IE-WLT-BL-AP-CL-EU (2536650000)   <
Version: IE-WL-BL-AP-CL-US (2536660000)   <
Version: IE-WLT-BL-AP-CL-US (2536670000)   <

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Version: IE-WL-VL-AP-BR-CL-EU (2536680000)   <
Version: IE-WLT-VL-AP-BR-CL-EU (2536690000)   <
Version: IE-WL-VL-AP-BR-CL-US (2536700000)   <
Version: IE-WLT-VL-AP-BR-CL-US (2536710000)   <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:43.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:25:57",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33532",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33532",
    "datePublished": "2021-06-25T18:25:57.477465Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-17T01:25:59.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33529 (GCVE-0-2021-33529)

Vulnerability from cvelistv5

Published

2021-06-25 18:25

Modified

2024-09-16 17:52

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-798 - Use of Hard-coded Credentials

Summary

In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device.

References

►

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Version: IE-WL-BL-AP-CL-EU (2536600000)   <
Version: IE-WLT-BL-AP-CL-EU (2536650000)   <
Version: IE-WL-BL-AP-CL-US (2536660000)   <
Version: IE-WLT-BL-AP-CL-US (2536670000)   <

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Version: IE-WL-VL-AP-BR-CL-EU (2536680000)   <
Version: IE-WLT-VL-AP-BR-CL-EU (2536690000)   <
Version: IE-WL-VL-AP-BR-CL-US (2536700000)   <
Version: IE-WLT-VL-AP-BR-CL-US (2536710000)   <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:43.021Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:25:54",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33529",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-798 Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33529",
    "datePublished": "2021-06-25T18:25:54.843420Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-16T17:52:51.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33536 (GCVE-0-2021-33536)

Vulnerability from cvelistv5

Published

2021-06-25 18:26

Modified

2024-09-17 03:38

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-191 - Integer Underflow (Wrap or Wraparound)

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.

References

►

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Version: IE-WL-BL-AP-CL-EU (2536600000)   <
Version: IE-WLT-BL-AP-CL-EU (2536650000)   <
Version: IE-WL-BL-AP-CL-US (2536660000)   <
Version: IE-WLT-BL-AP-CL-US (2536670000)   <

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Version: IE-WL-VL-AP-BR-CL-EU (2536680000)   <
Version: IE-WLT-VL-AP-BR-CL-EU (2536690000)   <
Version: IE-WL-VL-AP-BR-CL-US (2536700000)   <
Version: IE-WLT-VL-AP-BR-CL-US (2536710000)   <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:43.008Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:26:01",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by Denial-of-Service vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33536",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by Denial-of-Service vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-191 Integer Underflow (Wrap or Wraparound)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33536",
    "datePublished": "2021-06-25T18:26:01.011824Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-17T03:38:31.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33533 (GCVE-0-2021-33533)

Vulnerability from cvelistv5

Published

2021-06-25 18:25

Modified

2024-09-17 02:07

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - OS Command Injection

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

►

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Version: IE-WL-BL-AP-CL-EU (2536600000)   <
Version: IE-WLT-BL-AP-CL-EU (2536650000)   <
Version: IE-WL-BL-AP-CL-US (2536660000)   <
Version: IE-WLT-BL-AP-CL-US (2536670000)   <

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Version: IE-WL-VL-AP-BR-CL-EU (2536680000)   <
Version: IE-WLT-VL-AP-BR-CL-EU (2536690000)   <
Version: IE-WL-VL-AP-BR-CL-US (2536700000)   <
Version: IE-WLT-VL-AP-BR-CL-US (2536710000)   <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:43.125Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:25:58",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33533",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33533",
    "datePublished": "2021-06-25T18:25:58.364798Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-17T02:07:08.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33530 (GCVE-0-2021-33530)

Vulnerability from cvelistv5

Published

2021-06-25 18:25

Modified

2024-09-17 02:01

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - OS Command Injection

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.

References

►

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Version: IE-WL-BL-AP-CL-EU (2536600000)   <
Version: IE-WLT-BL-AP-CL-EU (2536650000)   <
Version: IE-WL-BL-AP-CL-US (2536660000)   <
Version: IE-WLT-BL-AP-CL-US (2536670000)   <

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Version: IE-WL-VL-AP-BR-CL-EU (2536680000)   <
Version: IE-WLT-VL-AP-BR-CL-EU (2536690000)   <
Version: IE-WL-VL-AP-BR-CL-US (2536700000)   <
Version: IE-WLT-VL-AP-BR-CL-US (2536710000)   <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:42.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:25:55",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33530",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33530",
    "datePublished": "2021-06-25T18:25:55.735016Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-17T02:01:49.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33539 (GCVE-0-2021-33539)

Vulnerability from cvelistv5

Published

2021-06-25 18:26

Modified

2024-09-16 17:43

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability.

References

►

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Version: IE-WL-BL-AP-CL-EU (2536600000)   <
Version: IE-WLT-BL-AP-CL-EU (2536650000)   <
Version: IE-WL-BL-AP-CL-US (2536660000)   <
Version: IE-WLT-BL-AP-CL-US (2536670000)   <

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Version: IE-WL-VL-AP-BR-CL-EU (2536680000)   <
Version: IE-WLT-VL-AP-BR-CL-EU (2536690000)   <
Version: IE-WL-VL-AP-BR-CL-US (2536700000)   <
Version: IE-WLT-VL-AP-BR-CL-US (2536710000)   <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:43.035Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:26:03",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by authentication bypass vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33539",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by authentication bypass vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287 Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33539",
    "datePublished": "2021-06-25T18:26:03.815899Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-16T17:43:21.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33534 (GCVE-0-2021-33534)

Vulnerability from cvelistv5

Published

2021-06-25 18:25

Modified

2024-09-17 04:20

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - OS Command Injection

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability.

References

►

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Version: IE-WL-BL-AP-CL-EU (2536600000)   <
Version: IE-WLT-BL-AP-CL-EU (2536650000)   <
Version: IE-WL-BL-AP-CL-US (2536660000)   <
Version: IE-WLT-BL-AP-CL-US (2536670000)   <

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Version: IE-WL-VL-AP-BR-CL-EU (2536680000)   <
Version: IE-WLT-VL-AP-BR-CL-EU (2536690000)   <
Version: IE-WL-VL-AP-BR-CL-US (2536700000)   <
Version: IE-WLT-VL-AP-BR-CL-US (2536710000)   <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:42.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-02T10:33:06",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33534",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33534",
    "datePublished": "2021-06-25T18:25:59.235511Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-17T04:20:16.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33535 (GCVE-0-2021-33535)

Vulnerability from cvelistv5

Published

2021-06-25 18:26

Modified

2024-09-17 01:15

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-134 - Use of Externally-Controlled Format String

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

►

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Version: IE-WL-BL-AP-CL-EU (2536600000)   <
Version: IE-WLT-BL-AP-CL-EU (2536650000)   <
Version: IE-WL-BL-AP-CL-US (2536660000)   <
Version: IE-WLT-BL-AP-CL-US (2536670000)   <

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Version: IE-WL-VL-AP-BR-CL-EU (2536680000)   <
Version: IE-WLT-VL-AP-BR-CL-EU (2536690000)   <
Version: IE-WL-VL-AP-BR-CL-US (2536700000)   <
Version: IE-WLT-VL-AP-BR-CL-US (2536710000)   <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:42.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134 Use of Externally-Controlled Format String",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:26:00",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by exploitable format string vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33535",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by exploitable format string vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-134 Use of Externally-Controlled Format String"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33535",
    "datePublished": "2021-06-25T18:26:00.125539Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-17T01:15:45.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerabilites related to weidmueller - ie-wlt-vl-ap-br-cl-us

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

CVE-2021-33531 (GCVE-0-2021-33531)

Vulnerability from cvelistv5

CVE-2021-33538 (GCVE-0-2021-33538)

Vulnerability from cvelistv5

CVE-2021-33537 (GCVE-0-2021-33537)

Vulnerability from cvelistv5

CVE-2021-33528 (GCVE-0-2021-33528)

Vulnerability from cvelistv5

CVE-2021-33532 (GCVE-0-2021-33532)

Vulnerability from cvelistv5

CVE-2021-33529 (GCVE-0-2021-33529)

Vulnerability from cvelistv5

CVE-2021-33536 (GCVE-0-2021-33536)

Vulnerability from cvelistv5

CVE-2021-33533 (GCVE-0-2021-33533)

Vulnerability from cvelistv5

CVE-2021-33530 (GCVE-0-2021-33530)

Vulnerability from cvelistv5

CVE-2021-33539 (GCVE-0-2021-33539)

Vulnerability from cvelistv5

CVE-2021-33534 (GCVE-0-2021-33534)

Vulnerability from cvelistv5

CVE-2021-33535 (GCVE-0-2021-33535)

Vulnerability from cvelistv5