CVE-2021-34564 — Cleartext Storage of Sensitive Information in a Cookie in Wha-gw-f2d2-0-as-z2-eth Firmware

CWE-315 — Cleartext Storage of Sensitive Information in a Cookie3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 93.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact Wha-gw-f2d2-0-as Z2-eth Phoenix Contact Wha-gw-f2d2-0-as Z2-eth.eip Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware +1 more

Timeline

PublishedAug 31

Latest updateMay 24

Description

Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5phoenix_contact/wha-gw-f2d2-0-as_z2-eth3.0.9

▶CVEListV5phoenix_contact/wha-gw-f2d2-0-as_z2-eth.eip3.0.9

▶NVDpepperl-fuchs/wha-gw-f2d2-0-as-z2-eth_firmware3.0.9

▶NVDpepperl-fuchs/wha-gw-f2d2-0-as_z2-eth.eip_firmware3.0.9

🔴Vulnerability Details

GHSA

GHSA-g9mc-4fcm-jrr6: Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS Wi↗2022-05-24

▶

CVEList

In WirelessHART-Gateway versions 3.0.9 a vulnerability allows to read and write sensitive data in a cookie↗2021-08-31

▶