CWE-668

CVE-2021-20999: WEIDMUELLER: Accidentally open network port in u-controls and IoT-Gateways

First published: Thu May 13 2021

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1, a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability, the device may be manipulated or its operation may be stopped.

Credit: info@cert.vde.com

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| Weidmueller Uc20-wl2000-ac Firmware | >=1.3.0 <1.9.1 | |
| Weidmueller Uc20-wl2000-ac Firmware | >=1.10.0 <1.10.3 | |
| Weidmueller Uc20-wl2000-ac Firmware | =1.11.0 | |
| Weidmueller Uc20-wl2000-ac Firmware | =1.12.1 | |
| Weidmueller Uc20-wl2000-ac | | |
| Weidmueller Uc20-wl2000-iot Firmware | >=1.3.0 <1.9.1 | |
| Weidmueller Uc20-wl2000-iot Firmware | >=1.10.0 <1.10.3 | |
| Weidmueller Uc20-wl2000-iot Firmware | =1.11.0 | |
| Weidmueller Uc20-wl2000-iot Firmware | =1.12.1 | |
| Weidmueller Uc20-wl2000-iot | | |
| Weidmueller Iot-gw30 Firmware | >=1.3.0 <1.9.1 | |
| Weidmueller Iot-gw30 Firmware | >=1.10.0 <1.10.3 | |
| Weidmueller Iot-gw30 Firmware | =1.11.0 | |
| Weidmueller Iot-gw30 Firmware | =1.12.1 | |
| Weidmueller Iot-gw30 | | |
| Weidmueller Iot-gw30-4g-eu Firmware | >=1.3.0 <1.9.1 | |
| Weidmueller Iot-gw30-4g-eu Firmware | >=1.10.0 <1.10.3 | |
| Weidmueller Iot-gw30-4g-eu Firmware | =1.11.0 | |
| Weidmueller Iot-gw30-4g-eu Firmware | =1.12.1 | |
| Weidmueller Iot-gw30-4g-eu | | |

Remedy

Weidmüller recommends upgrading affected devices to the current firmware version 1.12.3 or higher, which fixes this vulnerability.

Frequently Asked Questions

  • What is CVE-2021-20999?

    CVE-2021-20999 is a vulnerability in Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1.

  • What is the severity of CVE-2021-20999?

    The severity of CVE-2021-20999 is 9.8 (Critical).

  • How can CVE-2021-20999 be exploited?

    By exploiting CVE-2021-20999, an attacker can manipulate the device or stop its operation.

  • Which versions of Weidmüller u-controls and IoT-Gateways are affected by CVE-2021-20999?

    Versions up to 1.12.1 of Weidmüller u-controls and IoT-Gateways are affected by CVE-2021-20999.

  • Is my Weidmüller u-controls or IoT-Gateway vulnerable to CVE-2021-20999?

    Your Weidmüller u-controls or IoT-Gateway is vulnerable to CVE-2021-20999 if it runs a version up to 1.12.1.
