Search criteria
6 vulnerabilities found for picoflux_air_firmware by kadenvodomery
FKIE_CVE-2021-34577
Vulnerability from fkie_nvd - Published: 2022-11-09 17:15 - Updated: 2024-11-21 06:10
Severity ?
Summary
In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device.
References
| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://www.fit.vutbr.cz/~polcak/CVE-2021-34577 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fit.vutbr.cz/~polcak/CVE-2021-34577 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kadenvodomery | picoflux_air_firmware | - | |
| kadenvodomery | picoflux_air | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:kadenvodomery:picoflux_air_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E997A4A7-18BF-4D96-9BA4-693546CC9B89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:kadenvodomery:picoflux_air:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01C6CD16-D38E-4B3C-9FBF-BF017B41D021",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device."
},
{
"lang": "es",
"value": "En el medidor de agua Kaden PICOFLUX AiR, un adversario puede leer los valores a trav\u00e9s del modo inal\u00e1mbrico M-Bus 5 con una clave compartida codificada mientras se encuentra junto al dispositivo."
}
],
"id": "CVE-2021-34577",
"lastModified": "2024-11-21T06:10:44.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
},
"published": "2022-11-09T17:15:10.080",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34577"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-34576
Vulnerability from fkie_nvd - Published: 2021-09-16 13:15 - Updated: 2024-11-21 06:10
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.
References
| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kadenvodomery | picoflux_air_firmware | - | |
| kadenvodomery | picoflux_air | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:kadenvodomery:picoflux_air_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E997A4A7-18BF-4D96-9BA4-693546CC9B89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:kadenvodomery:picoflux_air:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01C6CD16-D38E-4B3C-9FBF-BF017B41D021",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties."
},
{
"lang": "es",
"value": "En Kaden PICOFLUX Air en todas las versiones conocidas se presenta una exposici\u00f3n de informaci\u00f3n mediante una discrepancia observable. Esto puede dar informaci\u00f3n confidencial (consumo de agua sin valores distintos) a terceros"
}
],
"id": "CVE-2021-34576",
"lastModified": "2024-11-21T06:10:44.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-16T13:15:14.817",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
}
CVE-2021-34577 (GCVE-0-2021-34577)
Vulnerability from cvelistv5 – Published: 2022-11-09 16:11 – Updated: 2025-05-01 19:16
VLAI?
Title
Hardcoded credentials in Kaden PICOFLUX AiR
Summary
In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device.
Severity ?
6.5 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaden | PICOFLUX AiR |
Affected:
all
|
Credits
Libor POLČÁK reported to CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34577"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:16:21.657086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:16:45.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "PICOFLUX AiR",
"vendor": "Kaden",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"datePublic": "2021-09-16T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device."
}
],
"value": "In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T16:11:03.018Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34577"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hardcoded credentials in Kaden PICOFLUX AiR",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34577",
"datePublished": "2022-11-09T16:11:03.018Z",
"dateReserved": "2021-06-10T19:19:08.025Z",
"dateUpdated": "2025-05-01T19:16:45.077Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34576 (GCVE-0-2021-34576)
Vulnerability from cvelistv5 – Published: 2021-09-16 12:20 – Updated: 2024-09-17 02:31
VLAI?
Title
Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption
Summary
In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.
Severity ?
4.3 (Medium)
CWE
- CWE-203 - Information Exposure Through Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaden | PICOFLUX AiR |
Affected:
all
|
Credits
Libor POLČÁK reported to CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PICOFLUX AiR",
"vendor": "Kaden",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-16T12:20:19",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-34576",
"STATE": "PUBLIC",
"TITLE": "Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PICOFLUX AiR",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Kaden"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Information Exposure Through Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en",
"refsource": "CONFIRM",
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34576",
"datePublished": "2021-09-16T12:20:19.792795Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-17T02:31:17.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34577 (GCVE-0-2021-34577)
Vulnerability from nvd – Published: 2022-11-09 16:11 – Updated: 2025-05-01 19:16
VLAI?
Title
Hardcoded credentials in Kaden PICOFLUX AiR
Summary
In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device.
Severity ?
6.5 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaden | PICOFLUX AiR |
Affected:
all
|
Credits
Libor POLČÁK reported to CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34577"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:16:21.657086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:16:45.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "PICOFLUX AiR",
"vendor": "Kaden",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"datePublic": "2021-09-16T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device."
}
],
"value": "In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T16:11:03.018Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34577"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hardcoded credentials in Kaden PICOFLUX AiR",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34577",
"datePublished": "2022-11-09T16:11:03.018Z",
"dateReserved": "2021-06-10T19:19:08.025Z",
"dateUpdated": "2025-05-01T19:16:45.077Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34576 (GCVE-0-2021-34576)
Vulnerability from nvd – Published: 2021-09-16 12:20 – Updated: 2024-09-17 02:31
VLAI?
Title
Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption
Summary
In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.
Severity ?
4.3 (Medium)
CWE
- CWE-203 - Information Exposure Through Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaden | PICOFLUX AiR |
Affected:
all
|
Credits
Libor POLČÁK reported to CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PICOFLUX AiR",
"vendor": "Kaden",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-16T12:20:19",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-34576",
"STATE": "PUBLIC",
"TITLE": "Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PICOFLUX AiR",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Kaden"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Information Exposure Through Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en",
"refsource": "CONFIRM",
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34576",
"datePublished": "2021-09-16T12:20:19.792795Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-17T02:31:17.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}