CVE-2021-34572

{"id": "CVE-2021-34572", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-09-16T13:15:14.310", "references": [{"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34572.en", "tags": ["Third Party Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data."}, {"lang": "es", "value": "Enbra EWM versi\u00f3n 1.7.29, no comprueba ni detecta los ataques de repetici\u00f3n enviados por los dispositivos inal\u00e1mbricos M-Bus Security mode 5. En su lugar, las marcas de tiempo del sensor se sustituyen por la hora de la lectura, incluso si los datos son una repetici\u00f3n de datos anteriores"}], "lastModified": "2021-09-28T17:16:55.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:enbra:ewm:1.7.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C983990C-D1DE-42C2-B6A2-8D9BD0B5A4FF"}], "operator": "OR"}]}], "sourceIdentifier": "info@cert.vde.com"}