CVE-2021-20999 CRITICAL

CVE-2021-20999: WEIDMUELLER: Accidentally open network port in u-controls and IoT-Gateways

Vendor Weidmüller
Product UC20-WL2000-AC (No. 1334950000)
Weakness CWE-668
Published May 13, 2021
Last update September 17, 2024

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped.

Key dates

02Disclosure timeline

May 13, 2021 CVE published
September 17, 2024 Record updated