EUVD-2021-21223

Malware in sbrugna...

EUVD-2021-21222

Malware in sbrugna...

Enbra Ewm Data Forgery Issue Vulnerability

Enbra Ewm is a universal reading device from the Czech company Enbra. It uses a radio to read water meters, heating cost indicators and heat meters. Enbra EWM is vulnerable to a data forgery issue in version 1.7.29, which stems from the fact that the software does not check for or detect replay...

Enbra EWM Access Control Error Vulnerability

Enbra Ewm is a universal reading device from the Czech company Enbra. It uses a radio to read water meters, heating cost indicators and calorimeters. An access control error vulnerability exists in Enbra EWM version 1.7.29, which originates in Enbra EWM and several tested wireless M-Bus sensors,...

Enbra Ewm Trust Management Issue Vulnerability

Enbra Ewm is a universal reading device from the Czech company Enbra. It uses radios to read water meters, heating cost indicators and heat meters. Enbra EWM is vulnerable to a trust management issue, which stems from multiple wireless M-Bus devices from Enbra using hard-coded credentials in secu...

CVE-2021-34572

Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data...

CVE-2021-34571

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM...

CVE-2021-34571

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM...

CVE-2021-34573

In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events...

CVE-2021-34573

In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events...

CVE-2021-34572

Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data...

Code injection

Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data...

Hardcoded credentials

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM...

Buffer overflow

In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events...

CVE-2021-34573 Incorrect calculation in Enbra EWM does not report backflows or no flow events

In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events...

CVE-2021-34573

CVE-2021-34573 affects Enbra EWM v1.7.29. Multiple external records (CNVD/CNNVD, CVE lists) describe an access control error wherein event returns and the “No flow”/backflow events are not re-recognized or are misinterpreted when used with several wireless M-Bus sensors. This can lead to incor...

CVE-2021-34572

Summary (CVE-2021-34572): Enbra EWM 1.7.29 is vulnerable to data forgery via replay attacks from wireless M-Bus Secure Mode 5 devices. The software does not check or detect replayed data; sensor timestamps are replaced with the readout time, enabling potential integrity issues. Affected component...

CVE-2021-34572 Insufficient Verification of Data Authenticity in Enbra EWM (replay attack)

Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data...

CVE-2021-34571

The CVE-2021-34571 entry concerns Enbra EWM, a universal Enbra Wireless M-Bus reading device. Concrete details across connected records show a trust/credential management issue in which several wireless M-Bus devices use hard-coded credentials in secure mode 5, with no option to change the encryp...

CVE-2021-34571 Hard-coded Credentials in Enbra Wireless M-Bus devices

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM...