{"containers": {"cna": {"affected": [{"product": "IE-WL(T)-BL-AP-CL-XX", "vendor": "Weidm\u00fcller", "versions": [{"lessThanOrEqual": "V1.16.18 (Build 18081617)", "status": "affected", "version": "IE-WL-BL-AP-CL-EU (2536600000)", "versionType": "custom"}, {"lessThanOrEqual": "V1.16.18 (Build 18081617)", "status": "affected", "version": "IE-WLT-BL-AP-CL-EU (2536650000)", "versionType": "custom"}, {"lessThanOrEqual": "V1.16.18 (Build 18081617)", "status": "affected", "version": "IE-WL-BL-AP-CL-US (2536660000)", "versionType": "custom"}, {"lessThanOrEqual": "V1.16.18 (Build 18081617)", "status": "affected", "version": "IE-WLT-BL-AP-CL-US (2536670000)", "versionType": "custom"}]}, {"product": "IE-WL(T)-VL-AP-CL-XX", "vendor": "Weidm\u00fcller", "versions": [{"lessThanOrEqual": "V1.11.10 (Build 18122616)", "status": "affected", "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)", "versionType": "custom"}, {"lessThanOrEqual": "V1.11.10 (Build 18122616)", "status": "affected", "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)", "versionType": "custom"}, {"lessThanOrEqual": "V1.11.10 (Build 18122616)", "status": "affected", "version": "IE-WL-VL-AP-BR-CL-US (2536700000)", "versionType": "custom"}, {"lessThanOrEqual": "V1.11.10 (Build 18122616)", "status": "affected", "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)", "versionType": "custom"}]}], "datePublic": "2021-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-25T18:25:56", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"}], "solutions": [{"lang": "en", "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."}], "source": {"advisory": "VDE-2021-026", "defect": ["VDE-2021-026"], "discovery": "EXTERNAL"}, "title": "WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-06-23T10:00:00.000Z", "ID": "CVE-2021-33531", "STATE": "PUBLIC", "TITLE": "WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IE-WL(T)-BL-AP-CL-XX", "version": {"version_data": [{"version_affected": "<=", "version_name": "IE-WL-BL-AP-CL-EU (2536600000)", "version_value": "V1.16.18 (Build 18081617)"}, {"version_affected": "<=", "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)", "version_value": "V1.16.18 (Build 18081617)"}, {"version_affected": "<=", "version_name": "IE-WL-BL-AP-CL-US (2536660000)", "version_value": "V1.16.18 (Build 18081617)"}, {"version_affected": "<=", "version_name": "IE-WLT-BL-AP-CL-US (2536670000)", "version_value": "V1.16.18 (Build 18081617)"}]}}, {"product_name": "IE-WL(T)-VL-AP-CL-XX", "version": {"version_data": [{"version_affected": "<=", "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)", "version_value": "V1.11.10 (Build 18122616)"}, {"version_affected": "<=", "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)", "version_value": "V1.11.10 (Build 18122616)"}, {"version_affected": "<=", "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)", "version_value": "V1.11.10 (Build 18122616)"}, {"version_affected": "<=", "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)", "version_value": "V1.11.10 (Build 18122616)"}]}}]}, "vendor_name": "Weidm\u00fcller"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-798 Use of Hard-coded Credentials"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en-us/advisories/vde-2021-026", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"}]}, "solution": [{"lang": "en", "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."}], "source": {"advisory": "VDE-2021-026", "defect": ["VDE-2021-026"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:50:42.986Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-33531", "datePublished": "2021-06-25T18:25:56.622853Z", "dateReserved": "2021-05-24T00:00:00", "dateUpdated": "2024-09-16T23:16:36.995Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability."}, {"lang": "es", "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad explotable de uso de credenciales embebidas en m\u00faltiples utilidades iw_*. El sistema operativo del dispositivo contiene una contrase\u00f1a de cifrado no documentada, permitiendo la creaci\u00f3n de scripts de diagn\u00f3stico personalizados. Un atacante puede enviar scripts de diagn\u00f3stico mientras est\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad"}], "id": "CVE-2021-33531", "lastModified": "2021-07-27T20:54:08.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2021-06-25T19:15:09.080", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}