A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to information exposure of sensitive information
CVE-2021-34560

5.5MEDIUM

Key Information:

Vendor
Phoenix Contact
Status
Wha-gw-f2d2-0-as- Z2-eth
Wha-gw-f2d2-0-as- Z2-eth.eip
Vendor
CVE Published:
31 August 2021

Summary

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.

Affected Version(s)

WHA-GW-F2D2-0-AS- Z2-ETH 3.0.9

WHA-GW-F2D2-0-AS- Z2-ETH.EIP 3.0.9

References

https://cert.vde.com/en-us/advisories/vde-2021-027
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pepperl+Fuchs reported this vulnerability. CERT@VDE coordinated.
.
CVE-2021-34560 : A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to information exposure of sensitive information | SecurityVulnerability.io