CVE-2021-34561

CWE-3503 documents3 sources

Severity

8.8HIGH

EPSS

0.3%

top 43.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact Wha-gw-f2d2-0-as- Z2-eth Phoenix Contact Wha-gw-f2d2-0-as- Z2-eth.eip Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip Firmware +1 more

Timeline

PublishedAug 31

Latest updateMay 24

Description

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5phoenix_contact/wha-gw-f2d2-0-as-_z2-eth3.0.8 — 3.0.8

▶CVEListV5phoenix_contact/wha-gw-f2d2-0-as-_z2-eth.eip3.0.8 — 3.0.8

▶NVDpepperl-fuchs/wha-gw-f2d2-0-as-z2-eth_firmware3.0.8

▶NVDpepperl-fuchs/wha-gw-f2d2-0-as-z2-eth.eip_firmware3.0.8

🔴Vulnerability Details

GHSA

GHSA-9fh3-r25p-cgrm: In PEPPERL+FUCHS WirelessHART-Gateway <= 3↗2022-05-24

▶

CVEList

A vulnerability in WirelessHART-Gateway <= 3.0.8 allows to bypass any IP or firewall based access restrictions through DNS rebinding↗2021-08-31

▶