133 matches found
CVE-2021-34559
In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings...
CVE-2021-34560
In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once...
CVE-2021-34562
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response...
CVE-2021-34563
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript...
CVE-2021-34562
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response...
CVE-2021-34565
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials...
CVE-2021-34559
In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings...
CVE-2021-34563
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript...
CVE-2021-34564
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9...
CVE-2021-33555
In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server...
CVE-2021-34565
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials...
CVE-2021-34561
In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's...
Design/Logic Flaw
In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's...
Design/Logic Flaw
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9...
Design/Logic Flaw
In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings...
Path traversal
In PEPPERL+FUCHS WirelessHART-Gateway = 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server...
Hardcoded credentials
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials...
Code injection
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response...
CVE-2021-34565
The CVE-2021-34565 vulnerability affects Pepperl+Fuchs WirelessHART-Gateway versions 3.0.7–3.0.9, where SSH and Telnet services run with hard-coded credentials. This is reported with high impact: remote access to the gateway could be obtained (CVSS v3.1 base score 9.8). Public advisories (ICS/CIS...
CVE-2021-34565 In WirelessHART-Gateway versions 3.0.7 to 3.0.9 hard-coded credentials have been found
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials...