CVE-2021-33529

Published: Jun 25, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device.

Affected (16)

Products: Weidmueller: Ie Wl Bl Ap Cl Eu Firmware, Ie Wlt Bl Ap Cl Eu Firmware, Ie Wl Bl Ap Cl Us Firmware, Ie Wlt Bl Ap Cl Us Firmware, Ie Wl Vl Ap Br Cl Eu Firmware, Ie Wlt Vl Ap Br Cl Eu Firmware, Ie Wl Vl Ap Br Cl Us Firmware, Ie Wlt Vl Ap Br Cl Us Firmware

Weidmueller

8 products

Ie Wl Bl Ap Cl Eu Firmware

Ie Wlt Bl Ap Cl Eu Firmware

Ie Wl Bl Ap Cl Us Firmware

Ie Wlt Bl Ap Cl Us Firmware

Ie Wl Vl Ap Br Cl Eu Firmware

Ie Wlt Vl Ap Br Cl Eu Firmware

Ie Wl Vl Ap Br Cl Us Firmware

Ie Wlt Vl Ap Br Cl Us Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Weidmueller Ie Wl Bl Ap Cl Eu Firmware	Up to 1.16.18

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Weidmueller Ie Wlt Bl Ap Cl Eu Firmware	Up to 1.16.18

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Weidmueller Ie Wl Bl Ap Cl Us Firmware	Up to 1.16.18

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Weidmueller Ie Wlt Bl Ap Cl Us Firmware	Up to 1.16.18

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Weidmueller Ie Wl Vl Ap Br Cl Eu Firmware	Up to 1.16.18

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Weidmueller Ie Wlt Vl Ap Br Cl Eu Firmware	Up to 1.16.18

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Weidmueller Ie Wl Vl Ap Br Cl Us Firmware	Up to 1.16.18

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Weidmueller Ie Wlt Vl Ap Br Cl Us Firmware	Up to 1.16.18

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Ie Wl Bl Ap Cl Eu Firmware	Up to 1.11.10

Running on/with	Platform Versions
Weidmueller Ie Wl Bl Ap Cl Eu	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Ie Wlt Bl Ap Cl Eu Firmware	Up to 1.11.10

Running on/with	Platform Versions
Weidmueller Ie Wlt Bl Ap Cl Eu	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Ie Wl Bl Ap Cl Us Firmware	Up to 1.11.10

Running on/with	Platform Versions
Weidmueller Ie Wl Bl Ap Cl Us	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Ie Wlt Bl Ap Cl Us Firmware	Up to 1.11.10

Running on/with	Platform Versions
Weidmueller Ie Wlt Bl Ap Cl Us	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Ie Wl Vl Ap Br Cl Eu Firmware	Up to 1.11.10

Running on/with	Platform Versions
Weidmueller Ie Wl Vl Ap Br Cl Eu	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Ie Wlt Vl Ap Br Cl Eu Firmware	Up to 1.11.10

Running on/with	Platform Versions
Weidmueller Ie Wlt Vl Ap Br Cl Eu	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Ie Wl Vl Ap Br Cl Us Firmware	Up to 1.11.10

Running on/with	Platform Versions
Weidmueller Ie Wl Vl Ap Br Cl Us	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Weidmueller Ie Wlt Vl Ap Br Cl Us Firmware	Up to 1.11.10

Running on/with	Platform Versions
Weidmueller Ie Wlt Vl Ap Br Cl Us	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://cert.vde.com/en-us/advisories/vde-2021-026

Source: info@cert.vde.com

Third Party Advisory

https://cert.vde.com/en-us/advisories/vde-2021-026

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.