HIGH🇬🇧 English

CVE-2021-34561

CVSS 7.5v3.1pub. 2021-08-31upd. 2024-11-21

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Pepperl Fuchs Wha Gw F2d2 0 As Z2 Eth

    HW
    Pepperl-Fuchs
    wszystkie wersje
  • Pepperl Fuchs Wha Gw F2d2 0 As Z2 Eth.eip

    HW
    Pepperl-Fuchs
    wszystkie wersje
  • Pepperl Fuchs Wha Gw F2d2 0 As Z2 Eth.eip Firmware

    OS
    Pepperl-Fuchs
    ≤ 3.0.8
  • Pepperl Fuchs Wha Gw F2d2 0 As Z2 Eth Firmware

    OS
    Pepperl-Fuchs
    ≤ 3.0.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Firewall
CWE
Referencje

Powiązane podatności

CVE-2021-34565CRITICAL9.8ten sam produkt

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded cr...

CVE-2021-33555HIGH7.5ten sam produkt

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path tr...

CVE-2021-34560MEDIUM5.5ten sam produkt

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The...

CVE-2021-34564MEDIUM5.5ten sam produkt

Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the us...

CVE-2021-34562MEDIUM5.4ten sam produkt

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application...