Details of VAR-202106-1220

ID

VAR-202106-1220

CVE

CVE-2021-33536

TITLE

plural Weidmueller Industrial WLAN Integer underflow vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2021-008530

DESCRIPTION

In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. plural Weidmueller Industrial WLAN The device contains an integer underflow vulnerability.Denial of service (DoS) It may be put into a state. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany

Trust: 2.16

sources: NVD: CVE-2021-33536 // JVNDB: JVNDB-2021-008530 // CNVD: CNVD-2021-48138

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-48138

AFFECTED PRODUCTS

vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6

sources: CNVD: CNVD-2021-48138 // JVNDB: JVNDB-2021-008530 // NVD: CVE-2021-33536

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33536
value:	HIGH
Trust: 1.0
info@cert.vde.com:	CVE-2021-33536
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-33536
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-48138
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-1751
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-33536
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-48138
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-33536
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-008530
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-48138 // JVNDB: JVNDB-2021-008530 // CNNVD: CNNVD-202106-1751 // NVD: CVE-2021-33536 // NVD: CVE-2021-33536

PROBLEMTYPE DATA

problemtype:	CWE-191	Trust: 1.0
problemtype:	Integer underflow (CWE-191) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-008530 // NVD: CVE-2021-33536

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1751

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-202106-1751

PATCH

title:	Top Page	url:	https://www.weidmueller.com/int/index.jsp	Trust: 0.8
title:	Patch for Weidmueller Industrial WLAN devices Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/277156	Trust: 0.6

sources: CNVD: CNVD-2021-48138 // JVNDB: JVNDB-2021-008530

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33536	Trust: 3.8
db:	CERT@VDE	id:	VDE-2021-026	Trust: 2.4
db:	JVNDB	id:	JVNDB-2021-008530	Trust: 0.8
db:	CNVD	id:	CNVD-2021-48138	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1751	Trust: 0.6

sources: CNVD: CNVD-2021-48138 // JVNDB: JVNDB-2021-008530 // CNNVD: CNNVD-202106-1751 // NVD: CVE-2021-33536

REFERENCES

url:	https://cert.vde.com/en-us/advisories/vde-2021-026	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33536	Trust: 1.4

sources: CNVD: CNVD-2021-48138 // JVNDB: JVNDB-2021-008530 // CNNVD: CNNVD-202106-1751 // NVD: CVE-2021-33536

SOURCES

db:	CNVD	id:	CNVD-2021-48138
db:	JVNDB	id:	JVNDB-2021-008530
db:	CNNVD	id:	CNNVD-202106-1751
db:	NVD	id:	CVE-2021-33536

LAST UPDATE DATE

2024-08-14T13:23:31.634000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-48138	date:	2021-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-008530	date:	2022-03-18T06:30:00
db:	CNNVD	id:	CNNVD-202106-1751	date:	2021-07-01T00:00:00
db:	NVD	id:	CVE-2021-33536	date:	2021-07-27T20:53:13.007

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-48138	date:	2021-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-008530	date:	2022-03-18T00:00:00
db:	CNNVD	id:	CNNVD-202106-1751	date:	2021-06-25T00:00:00
db:	NVD	id:	CVE-2021-33536	date:	2021-06-25T19:15:09.430