Vulnerability Description
In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1, a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability, an attacker may manipulate the device or stop its operation.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Weidmueller | Uc20-Wl2000-Ac Firmware | >= 1.3.0, < 1.9.1 |
| Weidmueller | Uc20-Wl2000-Ac | - |
| Weidmueller | Uc20-Wl2000-Iot Firmware | >= 1.3.0, < 1.9.1 |
| Weidmueller | Uc20-Wl2000-Iot | - |
| Weidmueller | Iot-Gw30 Firmware | >= 1.3.0, < 1.9.1 |
| Weidmueller | Iot-Gw30 | - |
| Weidmueller | Iot-Gw30-4G-Eu Firmware | >= 1.3.0, < 1.9.1 |
| Weidmueller | Iot-Gw30-4G-Eu | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en-us/advisories/vde-2021-016 (Third Party Advisory)
FAQ
What is CVE-2021-20999?
CVE-2021-20999 is a vulnerability with a CVSS score of 9.4 (CRITICAL). In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this...
How severe is CVE-2021-20999?
CVE-2021-20999 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-20999?
Check the references section above for vendor advisories and patch information. Affected products include: Weidmueller Uc20-Wl2000-Ac Firmware, Weidmueller Uc20-Wl2000-Ac, Weidmueller Uc20-Wl2000-Iot Firmware, Weidmueller Uc20-Wl2000-Iot, Weidmueller Iot-Gw30 Firmware.