CVE-2021-33531 (GCVE-0-2021-33531)

Vulnerability from cvelistv5 – Published: 2021-06-25 18:25 – Updated: 2024-09-16 23:16
VLAI?
Summary
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
Weidmüller IE-WL(T)-BL-AP-CL-XX Affected: IE-WL-BL-AP-CL-EU (2536600000) , ≤ V1.16.18 (Build 18081617) (custom)
Affected: IE-WLT-BL-AP-CL-EU (2536650000) , ≤ V1.16.18 (Build 18081617) (custom)
Affected: IE-WL-BL-AP-CL-US (2536660000) , ≤ V1.16.18 (Build 18081617) (custom)
Affected: IE-WLT-BL-AP-CL-US (2536670000) , ≤ V1.16.18 (Build 18081617) (custom)
Create a notification for this product.
    Weidmüller IE-WL(T)-VL-AP-CL-XX Affected: IE-WL-VL-AP-BR-CL-EU (2536680000) , ≤ V1.11.10 (Build 18122616) (custom)
Affected: IE-WLT-VL-AP-BR-CL-EU (2536690000) , ≤ V1.11.10 (Build 18122616) (custom)
Affected: IE-WL-VL-AP-BR-CL-US (2536700000) , ≤ V1.11.10 (Build 18122616) (custom)
Affected: IE-WLT-VL-AP-BR-CL-US (2536710000) , ≤ V1.11.10 (Build 18122616) (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:42.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:25:56",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33531",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-798 Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33531",
    "datePublished": "2021-06-25T18:25:56.622853Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-16T23:16:36.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.16.18\", \"matchCriteriaId\": \"4E409B45-BF28-41AD-B3A7-656FBAF9597D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26A4612B-2370-42CA-8EC4-5C74382ABDA6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.16.18\", \"matchCriteriaId\": \"17F26A4C-FDBA-48A8-AC05-1A779F0051F3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC895FDA-C846-4885-AADB-DED6EC868C3B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.16.18\", \"matchCriteriaId\": \"0C589467-C35D-43E8-AE06-9C0541DF2190\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97D7BBC3-6F43-47B5-81E2-431C8837BB3A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.16.18\", \"matchCriteriaId\": \"2E1B5E87-7D1E-45FD-894C-31167B80BEB1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D38EC42-5C2E-4ACE-88A1-2890632E51DA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.16.18\", \"matchCriteriaId\": \"5C2C095A-F606-4A7A-9836-EAA17A648E50\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17790AD1-5DE3-47F4-A16C-67C7DFE56128\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.16.18\", \"matchCriteriaId\": \"DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23E4AE7D-CA1F-45FC-9D8F-725E71832D2A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.16.18\", \"matchCriteriaId\": \"C171799A-4FEE-43F4-A7EE-8B1A52828FF7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DED5CF2-3B42-4D92-9647-AC54D07C6B20\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.16.18\", \"matchCriteriaId\": \"AF79779D-863D-4B8B-A4B4-BFD0F3528442\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1209D9A9-D6AA-44C3-AD34-18C145851D5B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.11.10\", \"matchCriteriaId\": \"F6210516-CB15-4099-B91E-63AE16C71B17\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26A4612B-2370-42CA-8EC4-5C74382ABDA6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.11.10\", \"matchCriteriaId\": \"BA154861-7D17-4FF1-8326-6B01B1E4A624\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC895FDA-C846-4885-AADB-DED6EC868C3B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.11.10\", \"matchCriteriaId\": \"E865089B-638A-491A-9527-EB1A21C9A3D9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97D7BBC3-6F43-47B5-81E2-431C8837BB3A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.11.10\", \"matchCriteriaId\": \"2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D38EC42-5C2E-4ACE-88A1-2890632E51DA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.11.10\", \"matchCriteriaId\": \"B455D775-9B0E-4DCF-BDA6-0861F5C34362\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17790AD1-5DE3-47F4-A16C-67C7DFE56128\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.11.10\", \"matchCriteriaId\": \"EE88298B-D13E-4B19-8C77-15FB57FC4A9A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23E4AE7D-CA1F-45FC-9D8F-725E71832D2A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.11.10\", \"matchCriteriaId\": \"4D71C498-B58B-4FDC-AA9F-508D61F03E8B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DED5CF2-3B42-4D92-9647-AC54D07C6B20\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.11.10\", \"matchCriteriaId\": \"16DA2FEB-D762-44C1-9C45-3FC6017CE1D7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1209D9A9-D6AA-44C3-AD34-18C145851D5B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"En los dispositivos Weidmueller Industrial WLAN en m\\u00faltiples versiones, se presenta una vulnerabilidad explotable de uso de credenciales embebidas en m\\u00faltiples utilidades iw_*. El sistema operativo del dispositivo contiene una contrase\\u00f1a de cifrado no documentada, permitiendo la creaci\\u00f3n de scripts de diagn\\u00f3stico personalizados. Un atacante puede enviar scripts de diagn\\u00f3stico mientras est\\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad\"}]",
      "id": "CVE-2021-33531",
      "lastModified": "2024-11-21T06:09:01.230",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-06-25T19:15:09.080",
      "references": "[{\"url\": \"https://cert.vde.com/en-us/advisories/vde-2021-026\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en-us/advisories/vde-2021-026\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "info@cert.vde.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-33531\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2021-06-25T19:15:09.080\",\"lastModified\":\"2024-11-21T06:09:01.230\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability.\"},{\"lang\":\"es\",\"value\":\"En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad explotable de uso de credenciales embebidas en m\u00faltiples utilidades iw_*. El sistema operativo del dispositivo contiene una contrase\u00f1a de cifrado no documentada, permitiendo la creaci\u00f3n de scripts de diagn\u00f3stico personalizados. Un atacante puede enviar scripts de diagn\u00f3stico mientras est\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.16.18\",\"matchCriteriaId\":\"4E409B45-BF28-41AD-B3A7-656FBAF9597D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26A4612B-2370-42CA-8EC4-5C74382ABDA6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.16.18\",\"matchCriteriaId\":\"17F26A4C-FDBA-48A8-AC05-1A779F0051F3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC895FDA-C846-4885-AADB-DED6EC868C3B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.16.18\",\"matchCriteriaId\":\"0C589467-C35D-43E8-AE06-9C0541DF2190\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97D7BBC3-6F43-47B5-81E2-431C8837BB3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.16.18\",\"matchCriteriaId\":\"2E1B5E87-7D1E-45FD-894C-31167B80BEB1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D38EC42-5C2E-4ACE-88A1-2890632E51DA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.16.18\",\"matchCriteriaId\":\"5C2C095A-F606-4A7A-9836-EAA17A648E50\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17790AD1-5DE3-47F4-A16C-67C7DFE56128\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.16.18\",\"matchCriteriaId\":\"DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23E4AE7D-CA1F-45FC-9D8F-725E71832D2A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.16.18\",\"matchCriteriaId\":\"C171799A-4FEE-43F4-A7EE-8B1A52828FF7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DED5CF2-3B42-4D92-9647-AC54D07C6B20\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.16.18\",\"matchCriteriaId\":\"AF79779D-863D-4B8B-A4B4-BFD0F3528442\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1209D9A9-D6AA-44C3-AD34-18C145851D5B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.11.10\",\"matchCriteriaId\":\"F6210516-CB15-4099-B91E-63AE16C71B17\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26A4612B-2370-42CA-8EC4-5C74382ABDA6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.11.10\",\"matchCriteriaId\":\"BA154861-7D17-4FF1-8326-6B01B1E4A624\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC895FDA-C846-4885-AADB-DED6EC868C3B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.11.10\",\"matchCriteriaId\":\"E865089B-638A-491A-9527-EB1A21C9A3D9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97D7BBC3-6F43-47B5-81E2-431C8837BB3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.11.10\",\"matchCriteriaId\":\"2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D38EC42-5C2E-4ACE-88A1-2890632E51DA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.11.10\",\"matchCriteriaId\":\"B455D775-9B0E-4DCF-BDA6-0861F5C34362\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17790AD1-5DE3-47F4-A16C-67C7DFE56128\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.11.10\",\"matchCriteriaId\":\"EE88298B-D13E-4B19-8C77-15FB57FC4A9A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23E4AE7D-CA1F-45FC-9D8F-725E71832D2A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.11.10\",\"matchCriteriaId\":\"4D71C498-B58B-4FDC-AA9F-508D61F03E8B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DED5CF2-3B42-4D92-9647-AC54D07C6B20\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.11.10\",\"matchCriteriaId\":\"16DA2FEB-D762-44C1-9C45-3FC6017CE1D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1209D9A9-D6AA-44C3-AD34-18C145851D5B\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2021-026\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2021-026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.