CVE-2021-34577 - Vulnerability Details - OpenCVE

ReportizFlow

In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kadenvodomery	Picoflux Air Picoflux Air Firmware

Configuration 1 [-]

AND

cpe:2.3:o:kadenvodomery:picoflux_air_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kadenvodomery:picoflux_air:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.fit.vutbr.cz/~polcak/CVE-2021-34577

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-11-09T16:11:03.018Z

Updated: 2024-08-04T00:19:46.586Z

Reserved: 2021-06-10T19:19:08.025Z

Link: CVE-2021-34577

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-09T17:15:10.080

Modified: 2024-11-21T06:10:44.300

Link: CVE-2021-34577

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-34577", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "dateReserved": "2021-06-10T19:19:08.025Z", "datePublished": "2022-11-09T16:11:03.018Z", "dateUpdated": "2024-08-04T00:19:46.586Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "PICOFLUX AiR", "vendor": "Kaden", "versions": [{"status": "affected", "version": "all"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Libor POL\u010c\u00c1K reported to CERT@VDE"}], "datePublic": "2021-09-16T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device."}], "value": "In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device."}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Credentials"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2022-11-09T16:11:03.018Z"}, "references": [{"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34577"}], "source": {"discovery": "EXTERNAL"}, "title": "Hardcoded credentials in Kaden PICOFLUX AiR", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:19:46.586Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34577", "tags": ["x_transferred"]}]}]}}