CVE-2021-20999
9.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Weidmüller | UC20-WL2000-AC (No. 1334950000) | 1.3.0 <= 1.9.0 | affected |
| Weidmüller | UC20-WL2000-AC (No. 1334950000) | 1.10.0 <= 1.10.2 | affected |
| Weidmüller | UC20-WL2000-AC (No. 1334950000) | 1.11.0 <= 1.12.1 | affected |
| Weidmüller | UC20-WL2000-IOT (No. 1334990000) | 1.3.0 <= 1.9.0 | affected |
| Weidmüller | UC20-WL2000-IOT (No. 1334990000) | 1.10.0 <= 1.10.2 | affected |
| Weidmüller | UC20-WL2000-IOT (No. 1334990000) | 1.11.0 <= 1.12.1 | affected |
| Weidmüller | IOT-GW30 (No. 2682620000) | 1.3.0 <= 1.9.0 | affected |
| Weidmüller | IOT-GW30 (No. 2682620000) | 1.10.0 <= 1.10.2 | affected |
| Weidmüller | IOT-GW30 (No. 2682620000) | 1.11.0 <= 1.12.1 | affected |
| Weidmüller | IOT-GW30-4G-EU (No. 2682630000) | 1.3.0 <= 1.9.0 | affected |
| Weidmüller | IOT-GW30-4G-EU (No. 2682630000) | 1.10.0 <= 1.10.2 | affected |
| Weidmüller | IOT-GW30-4G-EU (No. 2682630000) | 1.11.0 <= 1.12.1 | affected |
Weaknesses
- CWE-668: CWE-668 Exposure of Resource to Wrong Sphere
Workarounds
Restrict access to the network the device is connected to. Do not directly connect the device to the internet.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.