PT-2021-20554 · Enbra · Enbra Ewm
Cyrill Brunschwiler · Published 2021-09-16 · Updated 2021-09-28
CVE-2021-34572
CVSS v3.1: 6.5 Medium
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Enbra EWM version 1.7.29
Description:
Enbra EWM does not detect replay attacks on data sent by wireless M-Bus Security mode 5 devices. Specifically, the sensor's timestamps are replaced by the time of the readout, even if the data is a replay of earlier data. This potentially allows an attacker to manipulate the system by retransmitting previously sent data.
Recommendations:
For Enbra EWM version 1.7.29, consider implementing additional security measures to detect and prevent replay attacks, such as verifying the authenticity of the data and checking for inconsistencies in the timestamps. As a temporary workaround, restrict access to the wireless M-Bus Security mode 5 devices to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
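The timestamp consistency check recommended above can be sketched as a receiver-side freshness guard. This is an added example, not Enbra code: the `Reading` fields, the `ReplayGuard` class, the thresholds and the sample data are all hypothetical, and it assumes the data has already been decrypted and authenticated so the sensor timestamp can be trusted.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Reading:
    device_id: str       # hypothetical field names, not from the EWM product
    sensor_ts: datetime  # timestamp reported by the sensor inside the data
    value: float

class ReplayGuard:
    """Per-device freshness check that keeps the sensor's own timestamp."""

    def __init__(self, max_age=timedelta(hours=24), max_skew=timedelta(minutes=5)):
        self.max_age = max_age    # assumed tolerance, tune per deployment
        self.max_skew = max_skew  # assumed allowance for sensor clock drift
        self.newest = {}          # device_id -> newest accepted sensor_ts

    def check(self, r: Reading, readout_time: datetime) -> str:
        last = self.newest.get(r.device_id)
        if last is not None and r.sensor_ts <= last:
            return "replay"       # not newer than data already accepted
        if readout_time - r.sensor_ts > self.max_age:
            return "stale"        # old capture sent to a receiver with no history
        if r.sensor_ts - readout_time > self.max_skew:
            return "future"       # implausible sensor clock
        self.newest[r.device_id] = r.sensor_ts
        return "accept"

def run_demo():
    """Constructed sample readings; returns (device, sensor_ts, readout, verdict)."""
    t0 = datetime(2021, 9, 16, 10, 0, 0)
    guard = ReplayGuard()
    samples = [
        (Reading("meter-A", t0, 120.0), t0 + timedelta(seconds=5)),
        (Reading("meter-A", t0 + timedelta(minutes=15), 120.4),
         t0 + timedelta(minutes=15, seconds=5)),
        (Reading("meter-A", t0, 120.0), t0 + timedelta(hours=2)),   # replay of first
        (Reading("meter-B", t0 - timedelta(days=3), 77.0), t0 + timedelta(hours=2)),
        (Reading("meter-B", t0 + timedelta(hours=2), 78.1),
         t0 + timedelta(hours=2, seconds=3)),
    ]
    rows = []
    for reading, readout in samples:
        verdict = guard.check(reading, readout)
        # Keep both times: overwriting sensor_ts with readout hides replays.
        rows.append((reading.device_id, reading.sensor_ts, readout, verdict))
    return rows

if __name__ == "__main__":
    for row in run_demo():
        print(*row, sep="  ")
```

The `newest` map must persist across restarts in a real deployment, otherwise only the age check protects a freshly started receiver.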
Insufficient Verification of Data Authenticity
Weakness Enumeration
Related Identifiers
Affected Products
Enbra Ewm