CVE-2021-34577

{"id": "CVE-2021-34577", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-11-09T17:15:10.080", "references": [{"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34577", "tags": ["Third Party Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device."}, {"lang": "es", "value": "En el medidor de agua Kaden PICOFLUX AiR, un adversario puede leer los valores a trav\u00e9s del modo inal\u00e1mbrico M-Bus 5 con una clave compartida codificada mientras se encuentra junto al dispositivo."}], "lastModified": "2022-11-15T16:57:38.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:kadenvodomery:picoflux_air_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E997A4A7-18BF-4D96-9BA4-693546CC9B89"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:kadenvodomery:picoflux_air:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "01C6CD16-D38E-4B3C-9FBF-BF017B41D021"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "info@cert.vde.com"}