MEDIUM🇵🇱 Wersja polska

CVE-2021-34560

CVSS 5.5v3.1pub. 2021-08-31upd. 2024-11-21

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  • Pepperl Fuchs Wha Gw F2d2 0 As Z2 Eth

    HW
    Pepperl-Fuchs
    wszystkie wersje
  • Pepperl Fuchs Wha Gw F2d2 0 As Z2 Eth.eip

    HW
    Pepperl-Fuchs
    wszystkie wersje
  • Pepperl Fuchs Wha Gw F2d2 0 As Z2 Eth.eip Firmware

    OS
    Pepperl-Fuchs
    ≤ 3.0.9
  • Pepperl Fuchs Wha Gw F2d2 0 As Z2 Eth Firmware

    OS
    Pepperl-Fuchs
    ≤ 3.0.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-34565CRITICAL9.8ten sam produkt

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded cr...

CVE-2021-33555HIGH7.5ten sam produkt

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path tr...

CVE-2021-34561HIGH7.5ten sam produkt

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally acce...

CVE-2021-34562MEDIUM5.4ten sam produkt

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application...

CVE-2021-34559MEDIUM5.4ten sam produkt

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and...