Skip to main content

Ie Wl Bl Ap Cl Eu Firmware CVE-2021-33530

HIGH
OS Command Injection (CWE-78)
2021-06-25 info@cert.vde.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 25, 2021 - 19:15 nvd
HIGH 8.8

DescriptionNVD

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.

AnalysisAI

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. Affected products include: Weidmueller Ie-Wl-Bl-Ap-Cl-Eu Firmware, Weidmueller Ie-Wlt-Bl-Ap-Cl-Eu Firmware, Weidmueller Ie-Wl-Bl-Ap-Cl-Us Firmware, Weidmueller Ie-Wlt-Bl-Ap-Cl-Us Firmware, Weidmueller Ie-Wl-Vl-Ap-Br-Cl-Eu Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2021-33538 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists

CVE-2021-33537 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in

CVE-2021-33535 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_

CVE-2021-33533 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

CVE-2021-33532 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

CVE-2021-33531 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability e

CVE-2021-33528 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in

CVE-2021-33536 HIGH
7.5 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in Ser

CVE-2021-33529 HIGH
7.5 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the servic

CVE-2021-33539 HIGH
7.2 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in

CVE-2021-33534 HIGH
7.2 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

Share

CVE-2021-33530 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy