CVE-2021-20999: WEIDMUELLER: Accidentally open network port in u-controls and IoT-Gateways
First published: Thu May 13 2021(Updated: )
In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Weidmueller Uc20-wl2000-ac Firmware | >=1.3.0<1.9.1 | |
| Weidmueller Uc20-wl2000-ac Firmware | >=1.10.0<1.10.3 | |
| Weidmueller Uc20-wl2000-ac Firmware | =1.11.0 | |
| Weidmueller Uc20-wl2000-ac Firmware | =1.12.1 | |
| Weidmueller Uc20-wl2000-ac | ||
| Weidmueller Uc20-wl2000-iot Firmware | >=1.3.0<1.9.1 | |
| Weidmueller Uc20-wl2000-iot Firmware | >=1.10.0<1.10.3 | |
| Weidmueller Uc20-wl2000-iot Firmware | =1.11.0 | |
| Weidmueller Uc20-wl2000-iot Firmware | =1.12.1 | |
| Weidmueller Uc20-wl2000-iot | ||
| Weidmueller Iot-gw30 Firmware | >=1.3.0<1.9.1 | |
| Weidmueller Iot-gw30 Firmware | >=1.10.0<1.10.3 | |
| Weidmueller Iot-gw30 Firmware | =1.11.0 | |
| Weidmueller Iot-gw30 Firmware | =1.12.1 | |
| Weidmueller Iot-gw30 | ||
| Weidmueller Iot-gw30-4g-eu Firmware | >=1.3.0<1.9.1 | |
| Weidmueller Iot-gw30-4g-eu Firmware | >=1.10.0<1.10.3 | |
| Weidmueller Iot-gw30-4g-eu Firmware | =1.11.0 | |
| Weidmueller Iot-gw30-4g-eu Firmware | =1.12.1 | |
| Weidmueller Iot-gw30-4g-eu |
Remedy
Weidmüller recommends upgrading affected devices to the current firmware version 1.12.3 or higher which fixes this vulnerability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-20999?
CVE-2021-20999 is a vulnerability in Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1.
What is the severity of CVE-2021-20999?
The severity of CVE-2021-20999 is 9.8 (Critical).
How can CVE-2021-20999 be exploited?
By exploiting CVE-2021-20999, an attacker can manipulate the device or stop its operation.
Which versions of Weidmüller u-controls and IoT-Gateways are affected by CVE-2021-20999?
Versions up to 1.12.1 of Weidmüller u-controls and IoT-Gateways are affected by CVE-2021-20999.
Is my Weidmüller u-controls or IoT-Gateway vulnerable to CVE-2021-20999?
Your Weidmüller u-controls or IoT-Gateway is vulnerable to CVE-2021-20999 if it runs a version up to 1.12.1.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/weidmueller
- canonical/weidmueller uc20-wl2000-ac firmware
- version/weidmueller uc20-wl2000-ac firmware/1.3.0
- version/weidmueller uc20-wl2000-ac firmware/1.10.0
- version/weidmueller uc20-wl2000-ac firmware/1.11.0
- version/weidmueller uc20-wl2000-ac firmware/1.12.1
- canonical/weidmueller uc20-wl2000-ac
- canonical/weidmueller uc20-wl2000-iot firmware
- version/weidmueller uc20-wl2000-iot firmware/1.3.0
- version/weidmueller uc20-wl2000-iot firmware/1.10.0
- version/weidmueller uc20-wl2000-iot firmware/1.11.0
- version/weidmueller uc20-wl2000-iot firmware/1.12.1
- canonical/weidmueller uc20-wl2000-iot
- canonical/weidmueller iot-gw30 firmware
- version/weidmueller iot-gw30 firmware/1.3.0
- version/weidmueller iot-gw30 firmware/1.10.0
- version/weidmueller iot-gw30 firmware/1.11.0
- version/weidmueller iot-gw30 firmware/1.12.1
- canonical/weidmueller iot-gw30
- canonical/weidmueller iot-gw30-4g-eu firmware
- version/weidmueller iot-gw30-4g-eu firmware/1.3.0
- version/weidmueller iot-gw30-4g-eu firmware/1.10.0
- version/weidmueller iot-gw30-4g-eu firmware/1.11.0
- version/weidmueller iot-gw30-4g-eu firmware/1.12.1
- canonical/weidmueller iot-gw30-4g-eu