Skip to main content

Ie Wl Bl Ap Cl Eu Firmware CVE-2021-33535

HIGH
Use of Externally-Controlled Format String (CWE-134)
2021-06-25 info@cert.vde.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 25, 2021 - 19:15 nvd
HIGH 8.8

DescriptionNVD

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

AnalysisAI

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-134. In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Affected products include: Weidmueller Ie-Wl-Bl-Ap-Cl-Eu Firmware, Weidmueller Ie-Wlt-Bl-Ap-Cl-Eu Firmware, Weidmueller Ie-Wl-Bl-Ap-Cl-Us Firmware, Weidmueller Ie-Wlt-Bl-Ap-Cl-Us Firmware, Weidmueller Ie-Wl-Vl-Ap-Br-Cl-Eu Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-33538 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists

CVE-2021-33537 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in

CVE-2021-33533 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

CVE-2021-33532 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

CVE-2021-33531 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability e

CVE-2021-33530 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in enc

CVE-2021-33528 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in

CVE-2021-33536 HIGH
7.5 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in Ser

CVE-2021-33529 HIGH
7.5 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the servic

CVE-2021-33539 HIGH
7.2 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in

CVE-2021-33534 HIGH
7.2 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

Share

CVE-2021-33535 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy