Wha-gw-f2d2-0-as-z2-eth.eip Firmware Security Vulnerabilities and Issues — Wha-gw-f2d2-0-as-z2-eth.eip Firmware CVE List

Lucene search

Pepperl-fuchsWha-gw-f2d2-0-as-z2-eth.eip Firmware

6 matches found

CVE•added 2021/08/31 11:15 a.m.•42 views

CVE-2021-34559

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.

5.4CVSS5.8AI score0.00313EPSS

CVE•added 2021/08/31 11:15 a.m.•36 views

CVE-2021-34563

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.

3.3CVSS4.2AI score0.00104EPSS

CVE•added 2021/08/31 11:15 a.m.•34 views

CVE-2021-34560

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.

5.5CVSS5.9AI score0.00113EPSS

CVE•added 2021/08/31 11:15 a.m.•34 views

CVE-2021-34562

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.

6.1CVSS6.2AI score0.00296EPSS

CVE•added 2021/08/31 11:15 a.m.•33 views

CVE-2021-34565

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.

9.8CVSS9.5AI score0.0035EPSS

CVE•added 2021/08/31 11:15 a.m.•31 views

CVE-2021-34561

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target...

8.8CVSS8.2AI score0.00089EPSS