Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth firmware 3.0.9 vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv3
CVE-2021-34563
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware 3.0.8
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware 3.0.9
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip Firmware 3.0.8
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip Firmware 3.0.9
5.5
CVSSv3
CVE-2021-34564
Any cookie-stealing vulnerabilities within the application or browser would enable an malicious user to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware 3.0.9
Pepperl-fuchs Wha-gw-f2d2-0-as- Z2-eth.eip Firmware 3.0.9
9.8
CVSSv3
CVE-2021-34565
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip Firmware
5.5
CVSSv3
CVE-2021-34560
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started