CVE-2021-33555

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGH

EPSS

0.9%

top 24.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact Wha-gw-f2d2-0-as- Z2-eth Phoenix Contact Wha-gw-f2d2-0-as- Z2-eth.eip Pepperl-fuchs Wha-gw-f2d2-0-as- Z2-eth.eip Firmware +1 more

Timeline

PublishedAug 31

Latest updateMay 24

Description

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5phoenix_contact/wha-gw-f2d2-0-as-_z2-eth3.0.7 — 3.0.7

▶CVEListV5phoenix_contact/wha-gw-f2d2-0-as-_z2-eth.eip3.0.7 — 3.0.7

▶NVDpepperl-fuchs/wha-gw-f2d2-0-as-z2-eth_firmware3.0.7

▶NVDpepperl-fuchs/wha-gw-f2d2-0-as-_z2-eth.eip_firmware3.0.7

🔴Vulnerability Details

GHSA

GHSA-xc2w-5wwx-wg78: In PEPPERL+FUCHS WirelessHART-Gateway <= 3↗2022-05-24

▶

CVEList

A vulnerability may allow remote attackers to read arbitrary files on the server of the WirelessHART-Gateway↗2021-08-31

▶