FKIE_CVE-2021-33536
Vulnerability from fkie_nvd - Published: 2021-06-25 19:15 - Updated: 2024-11-21 06:09
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en-us/advisories/vde-2021-026 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en-us/advisories/vde-2021-026 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
"versionEndIncluding": "1.16.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
"versionEndIncluding": "1.16.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
"versionEndIncluding": "1.16.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
"versionEndIncluding": "1.16.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
"versionEndIncluding": "1.16.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
"versionEndIncluding": "1.16.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
"versionEndIncluding": "1.16.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
"versionEndIncluding": "1.16.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
"versionEndIncluding": "1.11.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
"versionEndIncluding": "1.11.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
"versionEndIncluding": "1.11.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
"versionEndIncluding": "1.11.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
"versionEndIncluding": "1.11.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
"versionEndIncluding": "1.11.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
"versionEndIncluding": "1.11.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
"versionEndIncluding": "1.11.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability."
},
{
"lang": "es",
"value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad de denegaci\u00f3n de servicio explotable en la funcionalidad ServiceAgent. Un paquete especialmente dise\u00f1ado puede causar un desbordamiento de enteros, desencadenando un gran memcpy que acceder\u00e1 a memoria no asignada o fuera de l\u00edmites. Un atacante puede enviar este paquete mientras no est\u00e1 autenticado para desencadenar esta vulnerabilidad"
}
],
"id": "CVE-2021-33536",
"lastModified": "2024-11-21T06:09:02.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-25T19:15:09.430",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…