CVE-2021-33555
published 2021-08-31CVE-2021-33555: In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pepperl-fuchs | wha-gw-f2d2-0-as-z2-eth_firmware | <= 3.0.7 | — |
| pepperl-fuchs | wha-gw-f2d2-0-as_z2-eth.eip_firmware | <= 3.0.7 | — |
| phoenix_contact | wha-gw-f2d2-0-as_z2-eth | 3.0.7 – 3.0.7 | — |
| phoenix_contact | wha-gw-f2d2-0-as_z2-eth.eip | 3.0.7 – 3.0.7 | — |