History: May 13, 2021 - 1:45 p.m.

CVE-2021-20999 WEIDMUELLER: Accidentally open network port in u-controls and IoT-Gateways

2021-05-13 13:45:25
CWE-668
CERTVDE
www.cve.org
weidmüller
u-controls
iot-gateways
network port
vulnerability
manipulation
operation stoppage

CVSS3: 9.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score: 9.5
Confidence: High

EPSS: 0.002
Percentile: 60.7%

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped.

CNA Affected

[
  {
    "product": "UC20-WL2000-AC (No. 1334950000)",
    "vendor": "Weidmüller",
    "versions": [
      {
        "lessThanOrEqual": "1.9.0",
        "status": "affected",
        "version": "1.3.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.10.2",
        "status": "affected",
        "version": "1.10.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.12.1",
        "status": "affected",
        "version": "1.11.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "UC20-WL2000-IOT (No. 1334990000)",
    "vendor": "Weidmüller",
    "versions": [
      {
        "lessThanOrEqual": "1.9.0",
        "status": "affected",
        "version": "1.3.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.10.2",
        "status": "affected",
        "version": "1.10.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.12.1",
        "status": "affected",
        "version": "1.11.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "IOT-GW30 (No. 2682620000)",
    "vendor": "Weidmüller",
    "versions": [
      {
        "lessThanOrEqual": "1.9.0",
        "status": "affected",
        "version": "1.3.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.10.2",
        "status": "affected",
        "version": "1.10.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.12.1",
        "status": "affected",
        "version": "1.11.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "IOT-GW30-4G-EU (No. 2682630000)",
    "vendor": "Weidmüller",
    "versions": [
      {
        "lessThanOrEqual": "1.9.0",
        "status": "affected",
        "version": "1.3.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.10.2",
        "status": "affected",
        "version": "1.10.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.12.1",
        "status": "affected",
        "version": "1.11.0",
        "versionType": "custom"
      }
    ]
  }
]
