CVE-2021-34563
published 2021-08-31CVE-2021-34563: In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by…
low3.3CVSS 3.1
AVLACLPRLUINSUCLINAN
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pepperl-fuchs | wha-gw-f2d2-0-as-z2-eth.eip_firmware | — | — |
| pepperl-fuchs | wha-gw-f2d2-0-as-z2-eth.eip_firmware | — | — |
| pepperl-fuchs | wha-gw-f2d2-0-as-z2-eth_firmware | — | — |
| pepperl-fuchs | wha-gw-f2d2-0-as-z2-eth_firmware | — | — |
| phoenix_contact | wha-gw-f2d2-0-as_z2-eth | — | — |
| phoenix_contact | wha-gw-f2d2-0-as_z2-eth | — | — |
| phoenix_contact | wha-gw-f2d2-0-as_z2-eth.eip | — | — |
| phoenix_contact | wha-gw-f2d2-0-as_z2-eth.eip | — | — |