Details of VAR-202106-1207

ID

VAR-202106-1207

CVE

CVE-2021-33538

TITLE

plural Weidmueller Industrial WLAN Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-008532

DESCRIPTION

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. plural Weidmueller Industrial WLAN There is an unspecified vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany

Trust: 2.16

sources: NVD: CVE-2021-33538 // JVNDB: JVNDB-2021-008532 // CNVD: CNVD-2021-48140

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-48140

AFFECTED PRODUCTS

vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6

sources: CNVD: CNVD-2021-48140 // JVNDB: JVNDB-2021-008532 // NVD: CVE-2021-33538

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33538
value:	HIGH
Trust: 1.0
info@cert.vde.com:	CVE-2021-33538
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-33538
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-48140
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202106-1753
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-33538
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-48140
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-33538
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2021-33538
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-48140 // JVNDB: JVNDB-2021-008532 // CNNVD: CNNVD-202106-1753 // NVD: CVE-2021-33538 // NVD: CVE-2021-33538

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-269	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-008532 // NVD: CVE-2021-33538

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1753

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-1753

PATCH

title:	Top Page	url:	https://www.weidmueller.com/int/index.jsp	Trust: 0.8
title:	Patch for Weidmueller Industrial WLAN devices access control error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/277166	Trust: 0.6

sources: CNVD: CNVD-2021-48140 // JVNDB: JVNDB-2021-008532

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33538	Trust: 3.8
db:	CERT@VDE	id:	VDE-2021-026	Trust: 3.0
db:	JVNDB	id:	JVNDB-2021-008532	Trust: 0.8
db:	CNVD	id:	CNVD-2021-48140	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1753	Trust: 0.6

sources: CNVD: CNVD-2021-48140 // JVNDB: JVNDB-2021-008532 // CNNVD: CNNVD-202106-1753 // NVD: CVE-2021-33538

REFERENCES

url:	https://cert.vde.com/en-us/advisories/vde-2021-026	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33538	Trust: 0.8

sources: CNVD: CNVD-2021-48140 // JVNDB: JVNDB-2021-008532 // CNNVD: CNNVD-202106-1753 // NVD: CVE-2021-33538

SOURCES

db:	CNVD	id:	CNVD-2021-48140
db:	JVNDB	id:	JVNDB-2021-008532
db:	CNNVD	id:	CNNVD-202106-1753
db:	NVD	id:	CVE-2021-33538

LAST UPDATE DATE

2024-09-11T22:42:08.350000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-48140	date:	2021-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-008532	date:	2024-09-10T08:06:00
db:	CNNVD	id:	CNNVD-202106-1753	date:	2022-10-26T00:00:00
db:	NVD	id:	CVE-2021-33538	date:	2022-10-25T23:43:53.850

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-48140	date:	2021-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-008532	date:	2022-03-18T00:00:00
db:	CNNVD	id:	CNNVD-202106-1753	date:	2021-06-25T00:00:00
db:	NVD	id:	CVE-2021-33538	date:	2021-06-25T19:15:09.570