Details of VAR-202106-1212

ID

VAR-202106-1212

CVE

CVE-2021-33528

TITLE

plural Weidmueller Industrial WLAN Vulnerability in improper compliance with coding standards on devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-008523

DESCRIPTION

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. plural Weidmueller Industrial WLAN Devices contain vulnerabilities to improper compliance with coding standards.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany

Trust: 2.25

sources: NVD: CVE-2021-33528 // JVNDB: JVNDB-2021-008523 // CNVD: CNVD-2021-48132 // VULMON: CVE-2021-33528

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-48132

AFFECTED PRODUCTS

vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6

sources: CNVD: CNVD-2021-48132 // JVNDB: JVNDB-2021-008523 // NVD: CVE-2021-33528

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33528
value:	HIGH
Trust: 1.0
info@cert.vde.com:	CVE-2021-33528
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-33528
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-48132
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202106-1745
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-33528
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-33528
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-48132
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-33528
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-008523
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-48132 // VULMON: CVE-2021-33528 // JVNDB: JVNDB-2021-008523 // CNNVD: CNNVD-202106-1745 // NVD: CVE-2021-33528 // NVD: CVE-2021-33528

PROBLEMTYPE DATA

problemtype:	CWE-710	Trust: 1.0
problemtype:	Inappropriate adherence to coding standards (CWE-710) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-008523 // NVD: CVE-2021-33528

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1745

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-1745

PATCH

title:	Top Page	url:	https://www.weidmueller.com/int/index.jsp	Trust: 0.8
title:	Patch for Unidentified vulnerabilities in Weidmueller Industrial WLAN devices	url:	https://www.cnvd.org.cn/patchInfo/show/277126	Trust: 0.6
title:	CVE-2021-33528	url:	https://github.com/AlAIAL90/CVE-2021-33528	Trust: 0.1

sources: CNVD: CNVD-2021-48132 // VULMON: CVE-2021-33528 // JVNDB: JVNDB-2021-008523

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33528	Trust: 3.9
db:	CERT@VDE	id:	VDE-2021-026	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-008523	Trust: 0.8
db:	CNVD	id:	CNVD-2021-48132	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1745	Trust: 0.6
db:	VULMON	id:	CVE-2021-33528	Trust: 0.1

sources: CNVD: CNVD-2021-48132 // VULMON: CVE-2021-33528 // JVNDB: JVNDB-2021-008523 // CNNVD: CNNVD-202106-1745 // NVD: CVE-2021-33528

REFERENCES

url:	https://cert.vde.com/en-us/advisories/vde-2021-026	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33528	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/710.html	Trust: 0.1
url:	https://github.com/alaial90/cve-2021-33528	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-48132 // VULMON: CVE-2021-33528 // JVNDB: JVNDB-2021-008523 // CNNVD: CNNVD-202106-1745 // NVD: CVE-2021-33528

SOURCES

db:	CNVD	id:	CNVD-2021-48132
db:	VULMON	id:	CVE-2021-33528
db:	JVNDB	id:	JVNDB-2021-008523
db:	CNNVD	id:	CNNVD-202106-1745
db:	NVD	id:	CVE-2021-33528

LAST UPDATE DATE

2024-08-14T13:23:31.511000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-48132	date:	2021-07-07T00:00:00
db:	VULMON	id:	CVE-2021-33528	date:	2021-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-008523	date:	2022-03-18T06:29:00
db:	CNNVD	id:	CNNVD-202106-1745	date:	2021-07-01T00:00:00
db:	NVD	id:	CVE-2021-33528	date:	2021-07-27T20:50:25.950

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-48132	date:	2021-07-07T00:00:00
db:	VULMON	id:	CVE-2021-33528	date:	2021-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-008523	date:	2022-03-18T00:00:00
db:	CNNVD	id:	CNNVD-202106-1745	date:	2021-06-25T00:00:00
db:	NVD	id:	CVE-2021-33528	date:	2021-06-25T19:15:08.877