Lucene search

CERTVDECVELIST:CVE-2021-34564

HistoryAug 16, 2021 - 12:00 a.m.

CVE-2021-34564 In WirelessHART-Gateway versions 3.0.9 a vulnerability allows to read and write sensitive data in a cookie

2021-08-1600:00:00

CWE-315

CERTVDE

www.cve.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user’s credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.

CNA Affected

[
  {
    "product": "WHA-GW-F2D2-0-AS- Z2-ETH",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.9"
      }
    ]
  },
  {
    "product": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.9"
      }
    ]
  }
]

References

cert.vde.com/en-us/advisories/vde-2021-027

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-34564