CVE-2021-34565

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 41.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

4

Phoenix Contact Wha-gw-f2d2-0-as- Z2-eth Phoenix Contact Wha-gw-f2d2-0-as- Z2-eth.eip Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip Firmware +1 more

Timeline

PublishedAug 31

Latest updateMay 24

Description

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5phoenix_contact/wha-gw-f2d2-0-as-_z2-eth3.0.7 — 3.0.7*+1

▶CVEListV5phoenix_contact/wha-gw-f2d2-0-as-_z2-eth.eip3.0.7 — 3.0.7*+1

▶NVDpepperl-fuchs/wha-gw-f2d2-0-as-z2-eth_firmware3.0.7 — 3.0.9

▶NVDpepperl-fuchs/wha-gw-f2d2-0-as-z2-eth.eip_firmware3.0.7 — 3.0.9

🔴Vulnerability Details

2

GHSA

GHSA-8v6m-v7w5-7r88: In PEPPERL+FUCHS WirelessHART-Gateway 3↗2022-05-24

▶

CVEList

In WirelessHART-Gateway versions 3.0.7 to 3.0.9 hard-coded credentials have been found↗2021-08-31

▶

CVE-2021-34565 (CRITICAL CVSS 9.8) | In PEPPERL+FUCHS WirelessHART-Gatew | cvebase.io