CVE-2021-34571 - OpenCVE

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Enbra	Ewm

Configuration 1 [-]

cpe:2.3:a:enbra:ewm:1.7.29:*:*:*:*:*:*:*

References

Link	Resource
https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-08-31T00:00:00

Updated: 2021-09-16T12:20:15

Reserved: 2021-06-10T00:00:00

Link: CVE-2021-34571

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-16T13:15:14.200

Modified: 2021-09-28T01:27:44.307

Link: CVE-2021-34571

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"containers": {"cna": {"affected": [{"product": "AT-WMBUS-16-2", "vendor": "Enbra", "versions": [{"status": "unknown", "version": "all"}]}, {"product": "ER-AM DN 15", "vendor": "Enbra", "versions": [{"status": "unknown", "version": "ER-AM DN 15/SV all"}, {"status": "unknown", "version": "ER-AM DN 15/TV all"}]}, {"product": "EWM 1.7.29", "vendor": "Enbra", "versions": [{"status": "affected", "version": "03.11.2019"}]}], "credits": [{"lang": "en", "value": "Libor POL\u010c\u00c1K reported to CERT@VDE"}], "datePublic": "2021-08-31T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-16T12:20:15", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en"}], "source": {"discovery": "EXTERNAL"}, "title": " Hard-coded Credentials in Enbra Wireless M-Bus devices", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-08-31T22:00:00.000Z", "ID": "CVE-2021-34571", "STATE": "PUBLIC", "TITLE": " Hard-coded Credentials in Enbra Wireless M-Bus devices"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AT-WMBUS-16-2", "version": {"version_data": [{"version_affected": "?", "version_value": "all"}]}}, {"product_name": "ER-AM DN 15", "version": {"version_data": [{"version_affected": "?", "version_name": "ER-AM DN 15/SV", "version_value": "all"}, {"version_affected": "?", "version_name": "ER-AM DN 15/TV", "version_value": "all"}]}}, {"product_name": "EWM 1.7.29", "version": {"version_data": [{"version_affected": "=", "version_value": "03.11.2019"}]}}]}, "vendor_name": "Enbra"}]}}, "credit": [{"lang": "eng", "value": "Libor POL\u010c\u00c1K reported to CERT@VDE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-798 Use of Hard-coded Credentials"}]}]}, "references": {"reference_data": [{"name": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en", "refsource": "CONFIRM", "url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34571", "datePublished": "2021-08-31T00:00:00", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2021-09-16T12:20:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:enbra:ewm:1.7.29:*:*:*:*:*:*:*", "matchCriteriaId": "C983990C-D1DE-42C2-B6A2-8D9BD0B5A4FF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM."}, {"lang": "es", "value": "M\u00faltiples dispositivos M-Bus inal\u00e1mbricos de Enbra, usan Credenciales Embebidas en Security mode 5 sin una opci\u00f3n para cambiar la clave de cifrado. Un adversario puede aprender toda la informaci\u00f3n disponible en Enbra EWM"}], "id": "CVE-2021-34571", "lastModified": "2021-09-28T01:27:44.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2021-09-16T13:15:14.200", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.en"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "info@cert.vde.com", "type": "Primary"}]}