CVE-2021-33538

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

CVSS v3 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:09

Type	Values Removed	Values Added
References	~~() https://cert.vde.com/en-us/advisories/vde-2021-026 - Third Party Advisory~~	() https://cert.vde.com/en-us/advisories/vde-2021-026 - Third Party Advisory

Information

Published : 2021-06-25 19:15

Updated : 2024-11-21 06:09

NVD link : CVE-2021-33538

Mitre link : CVE-2021-33538

CVE.ORG link : CVE-2021-33538

JSON object : View

Products Affected

weidmueller

ie-wl-bl-ap-cl-us_firmware
ie-wlt-vl-ap-br-cl-us_firmware
ie-wl-vl-ap-br-cl-us_firmware
ie-wl-vl-ap-br-cl-eu
ie-wl-bl-ap-cl-eu
ie-wlt-bl-ap-cl-eu_firmware
ie-wl-vl-ap-br-cl-us
ie-wlt-vl-ap-br-cl-us
ie-wl-vl-ap-br-cl-eu_firmware
ie-wl-bl-ap-cl-us
ie-wlt-bl-ap-cl-us
ie-wlt-vl-ap-br-cl-eu_firmware
ie-wlt-bl-ap-cl-eu
ie-wlt-vl-ap-br-cl-eu
ie-wl-bl-ap-cl-eu_firmware
ie-wlt-bl-ap-cl-us_firmware

CWE

CWE-269

Improper Privilege Management

NVD-CWE-Other

8.8 /10