Phoenix Contact Wha-Gw-F2D2-0-As- Z2-Eth vulnerabilities
8 known vulnerabilities affecting phoenix_contact/wha-gw-f2d2-0-as-_z2-eth.
Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM4LOW1
Vulnerabilities
Page 1 of 1
CVE-2021-34565CRITICALCVSS 9.8≥ 3.0.7, < 3.0.7*≥ 3.0.9, ≤ 3.0.92021-08-31
CVE-2021-34565 [CRITICAL] CWE-798 CVE-2021-34565: In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with har
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
cvelistv5nvd
CVE-2021-33555HIGHCVSS 7.5≥ 3.0.7, ≤ 3.0.72021-08-31
CVE-2021-33555 [HIGH] CWE-22 CVE-2021-33555: In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticat
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
cvelistv5nvd
CVE-2021-34561HIGHCVSS 8.8≥ 3.0.8, ≤ 3.0.82021-08-31
CVE-2021-34561 [HIGH] CWE-350 CVE-2021-34561: In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not exter
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser.
cvelistv5nvd
CVE-2021-34560MEDIUMCVSS 5.5≥ 3.0.9, ≤ 3.0.92021-08-31
CVE-2021-34560 [MEDIUM] CWE-522 CVE-2021-34560: In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete en
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
cvelistv5nvd
CVE-2021-34564MEDIUMCVSS 5.5v3.0.92021-08-31
CVE-2021-34564 [MEDIUM] CWE-315 CVE-2021-34564: Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to st
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.
cvelistv5nvd
CVE-2021-34559MEDIUMCVSS 5.3≥ 3.0.8, ≤ 3.0.82021-08-31
CVE-2021-34559 [MEDIUM] CWE-444 CVE-2021-34559: In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.
cvelistv5nvd
CVE-2021-34562MEDIUMCVSS 6.1v3.0.82021-08-31
CVE-2021-34562 [MEDIUM] CWE-79 CVE-2021-34562: In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the a
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.
cvelistv5nvd
CVE-2021-34563LOWCVSS 3.3v3.0.8v3.0.92021-08-31
CVE-2021-34563 [LOW] CWE-1004 CVE-2021-34563: In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie.
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
cvelistv5nvd