CVE-2021-34560

EPSS 0.05%
Veröffentlicht 31.08.2021 11:15:07
Zuletzt bearbeitet 21.11.2024 06:10:41
Quelle info@cert.vde.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to information exposure of sensitive information

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pepperl-fuchs ≫ Wha-gw-f2d2-0-as-z2-eth Firmware Version <= 3.0.9

Pepperl-fuchs ≫ Wha-gw-f2d2-0-as-z2-eth Version-

Pepperl-fuchs ≫ Wha-gw-f2d2-0-as-z2-eth.Eip Firmware Version <= 3.0.9

Pepperl-fuchs ≫ Wha-gw-f2d2-0-as-z2-eth.Eip Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.162

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
info@cert.vde.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://cert.vde.com/en-us/advisories/vde-2021-027

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34560

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34560

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34560

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-34560