CVE-2021-20999

Summary

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped.

Affected Software

VendorProductVersion RangeStatus
WeidmüllerUC20-WL2000-AC (No. 1334950000)1.3.0 <= 1.9.0affected
WeidmüllerUC20-WL2000-AC (No. 1334950000)1.10.0 <= 1.10.2affected
WeidmüllerUC20-WL2000-AC (No. 1334950000)1.11.0 <= 1.12.1affected
WeidmüllerUC20-WL2000-IOT (No. 1334990000)1.3.0 <= 1.9.0affected
WeidmüllerUC20-WL2000-IOT (No. 1334990000)1.10.0 <= 1.10.2affected
WeidmüllerUC20-WL2000-IOT (No. 1334990000)1.11.0 <= 1.12.1affected
WeidmüllerIOT-GW30 (No. 2682620000)1.3.0 <= 1.9.0affected
WeidmüllerIOT-GW30 (No. 2682620000)1.10.0 <= 1.10.2affected
WeidmüllerIOT-GW30 (No. 2682620000)1.11.0 <= 1.12.1affected
WeidmüllerIOT-GW30-4G-EU (No. 2682630000)1.3.0 <= 1.9.0affected
WeidmüllerIOT-GW30-4G-EU (No. 2682630000)1.10.0 <= 1.10.2affected
WeidmüllerIOT-GW30-4G-EU (No. 2682630000)1.11.0 <= 1.12.1affected

Weaknesses

  • CWE-668: CWE-668 Exposure of Resource to Wrong Sphere

Workarounds

Restrict access to the network the device is connected to. Do not directly connect the device to the internet.

ADP Enrichment

CVE Program Container

Additional References

References