MidnightBSD

Advisories for kadenvodomery

CVE-2021-34576 LOW

In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-203,

Products Affected

Vendor Product Version
kadenvodomery picoflux_air_firmware -
CVE-2021-34577

In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device.

Products Affected

Vendor Product Version
kadenvodomery picoflux_air_firmware -