CVE-2021-34560
Summary
| CVE | CVE-2021-34560 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-31 11:15:00 UTC |
| Updated | 2022-09-29 15:24:00 UTC |
| Description | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. |
Risk And Classification
Problem Types: CWE-522
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Pepperl-fuchs | Wha-gw-f2d2-0-as-z2-eth | - | All | All | All |
| Hardware | Pepperl-fuchs | Wha-gw-f2d2-0-as-z2-eth.eip | - | All | All | All |
| Operating System | Pepperl-fuchs | Wha-gw-f2d2-0-as-z2-eth.eip Firmware | All | All | All | All |
| Operating System | Pepperl-fuchs | Wha-gw-f2d2-0-as-z2-eth Firmware | All | All | All | All |
| Hardware | Pepperl-fuchs | Wha-gw-f2d2-0-as- Z2-eth.eip | - | All | All | All |
| Operating System | Pepperl-fuchs | Wha-gw-f2d2-0-as- Z2-eth.eip Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| PEPPERL+FUCHS: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service — English (USA) | CONFIRM | cert.vde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Pepperl+Fuchs reported this vulnerability. CERT@VDE coordinated.
There are currently no legacy QID mappings associated with this CVE.