CVE-2021-34559

CWE-444 — HTTP Request Smuggling3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.3%

top 45.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact Wha-gw-f2d2-0-as- Z2-eth Phoenix Contact Wha-gw-f2d2-0-as- Z2-eth.eip Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip Firmware +1 more

Timeline

PublishedAug 31

Latest updateMay 24

Description

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages4 packages

▶CVEListV5phoenix_contact/wha-gw-f2d2-0-as-_z2-eth3.0.8 — 3.0.8

▶CVEListV5phoenix_contact/wha-gw-f2d2-0-as-_z2-eth.eip3.0.8 — 3.0.8

▶NVDpepperl-fuchs/wha-gw-f2d2-0-as-z2-eth_firmware3.0.8

▶NVDpepperl-fuchs/wha-gw-f2d2-0-as-z2-eth.eip_firmware3.0.8

🔴Vulnerability Details

GHSA

GHSA-fwcq-rwgm-5rc2: In PEPPERL+FUCHS WirelessHART-Gateway <= 3↗2022-05-24

▶

CVEList

A vulnerability in WirelessHART-Gateway <= 3.0.8 may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings↗2021-08-31

▶