CVE-2021-34559
- EPSS 0.31%
- Veröffentlicht 31.08.2021 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:10:41
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.
CVE-2021-34560
- EPSS 0.05%
- Veröffentlicht 31.08.2021 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:10:41
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at lea...
CVE-2021-34561
- EPSS 0.12%
- Veröffentlicht 31.08.2021 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:10:41
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may...
CVE-2021-34562
- EPSS 0.22%
- Veröffentlicht 31.08.2021 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:10:41
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.
CVE-2021-34563
- EPSS 0.05%
- Veröffentlicht 31.08.2021 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:10:41
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
CVE-2021-34565
- EPSS 0.36%
- Veröffentlicht 31.08.2021 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:10:42
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.