CVE-2021-34565

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials...

CVE-2021-33555

In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server...

CVE-2021-34560

In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once...

CVE-2021-34562

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response...

CVE-2021-34561

In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's...

Path traversal

In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server...

Design/Logic Flaw

In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings...

Design/Logic Flaw

In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's...

Code injection

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response...

Design/Logic Flaw

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript...

Design/Logic Flaw

Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9...

Hardcoded credentials

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials...

Design/Logic Flaw

In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once...

CVE-2021-34565 In WirelessHART-Gateway versions 3.0.7 to 3.0.9 hard-coded credentials have been found

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials...

CVE-2021-34565

The CVE-2021-34565 vulnerability affects Pepperl+Fuchs WirelessHART-Gateway versions 3.0.7–3.0.9, where SSH and Telnet services run with hard-coded credentials. This is reported with high impact: remote access to the gateway could be obtained (CVSS v3.1 base score 9.8). Public advisories (ICS/CIS...

CVE-2021-34564

CVE-2021-34564 corresponds to a vulnerability in Pepperl+Fuchs WirelessHART-Gateway 3.0.9 where cookies can be stolen due to cookie handling weaknesses (CWE-315). The ICSA advisory identifies affected versions 3.0.7–3.0.9 and lists cookie-related weaknesses among multiple issues (e.g., hard-coded...

CVE-2021-34563 In WirelessHART-Gateway versions 3.0.8 and 3.0.9 the HttpOnly flag is missing in a cookie which allows client-side javascript to modify it

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript...

CVE-2021-34563

CVE-2021-34563 affects Pepperl+Fuchs WirelessHART-Gateway versions 3.0.8 and 3.0.9. The HttpOnly flag is not set on a cookie, allowing its value to be read or modified by client-side JavaScript. The documented impact is limited to information leakage/ alteration via cookie access, with CVSSv3 bas...

CVE-2021-34562 A vulnerability in WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response...

CVE-2021-34562

CVE-2021-34562 affects Pepperl+Fuchs WirelessHART-Gateway, notably versions 3.0.7–3.0.9 (3.0.8 highlighted). The vulnerability allows injection of arbitrary JavaScript into the application’s response (a cross-site scripting-type issue) as described in the ICSA advisory and CVE records. The primar...