CVE-2021-34576 - Vulnerability Details - OpenCVE

ReportizFlow

In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kadenvodomery	Picoflux Air Picoflux Air Firmware

Configuration 1 [-]

AND

cpe:2.3:o:kadenvodomery:picoflux_air_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kadenvodomery:picoflux_air:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en

History

Tue, 17 Sep 2024 02:45:00 +0000

Type	Values Removed	Values Added
Title	Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption	Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-09-16T12:20:19.792795Z

Updated: 2024-09-17T02:31:17.646Z

Reserved: 2021-06-10T00:00:00

Link: CVE-2021-34576

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-09-16T13:15:14.817

Modified: 2024-11-21T06:10:44.173

Link: CVE-2021-34576

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "PICOFLUX AiR", "vendor": "Kaden", "versions": [{"status": "affected", "version": "all"}]}], "credits": [{"lang": "en", "value": "Libor POL\u010c\u00c1K reported to CERT@VDE"}], "datePublic": "2021-08-31T00:00:00", "descriptions": [{"lang": "en", "value": "In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-203", "description": "CWE-203 Information Exposure Through Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-16T12:20:19", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"}], "source": {"discovery": "UNKNOWN"}, "title": "Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "DATE_PUBLIC": "2021-08-31T22:00:00.000Z", "ID": "CVE-2021-34576", "STATE": "PUBLIC", "TITLE": "Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PICOFLUX AiR", "version": {"version_data": [{"version_value": "all"}]}}]}, "vendor_name": "Kaden"}]}}, "credit": [{"lang": "eng", "value": "Libor POL\u010c\u00c1K reported to CERT@VDE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-203 Information Exposure Through Discrepancy"}]}]}, "references": {"reference_data": [{"name": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en", "refsource": "CONFIRM", "url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:19:47.029Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34576", "datePublished": "2021-09-16T12:20:19.792795Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-17T02:31:17.646Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kadenvodomery:picoflux_air_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E997A4A7-18BF-4D96-9BA4-693546CC9B89", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kadenvodomery:picoflux_air:-:*:*:*:*:*:*:*", "matchCriteriaId": "01C6CD16-D38E-4B3C-9FBF-BF017B41D021", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties."}, {"lang": "es", "value": "En Kaden PICOFLUX Air en todas las versiones conocidas se presenta una exposici\u00f3n de informaci\u00f3n mediante una discrepancia observable. Esto puede dar informaci\u00f3n confidencial (consumo de agua sin valores distintos) a terceros"}], "id": "CVE-2021-34576", "lastModified": "2024-11-21T06:10:44.173", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2021-09-16T13:15:14.817", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "[email protected]", "type": "Secondary"}]}