Publication Details

CVE-2021-34571, CVE-2021-34572, CVE-2021-34573, CVE-2021-34576

POLČÁK Libor. CVE-2021-34571, CVE-2021-34572, CVE-2021-34573, CVE-2021-34576. Frankfurt am Main, 2021.
Type
technical report
Language
english
Authors
Abstract

We analyzed water metering systems deployed in residential buildings. During the research, we revealed vulnerabilities as a consquence of violating CEN standards, for example shared keys without the posibility of customization, broken integrity and confidentiality of the readouts. We reported the vulnerabilities to the CVE database:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34576

We published security advisories:

https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.html.en
https://www.fit.vutbr.cz/~polcak/CVE-2021-34572.html.en
https://www.fit.vutbr.cz/~polcak/CVE-2021-34573.html.en
https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.html.en
https://www.fit.vutbr.cz/~polcak/CVE-2021-34577.html.en

Anotation

We analyzed water metering systems deployed in residential buildings. During the research, we revealed vulnerabilities as a consquence of violating CEN standards, for example shared keys without the posibility of customization, broken integrity and confidentiality of the readouts. We reported the vulnerabilities to the CVE database:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34576

We published security advisories:

https://www.fit.vutbr.cz/~polcak/CVE-2021-34571.html.en
https://www.fit.vutbr.cz/~polcak/CVE-2021-34572.html.en
https://www.fit.vutbr.cz/~polcak/CVE-2021-34573.html.en
https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.html.en
https://www.fit.vutbr.cz/~polcak/CVE-2021-34577.html.en

Published
2021
Pages
4
Place
Frankfurt am Main, DE
BibTeX
@TECHREPORT{FITPUB12561,
   author = "Libor Pol\v{c}\'{a}k",
   title = "CVE-2021-34571, CVE-2021-34572, CVE-2021-34573, CVE-2021-34576",
   pages = 4,
   year = 2021,
   location = "Frankfurt am Main, DE",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/12561"
}
Back to top