Vulnerability Details CVE-2021-34560
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.9%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
Products affected by CVE-2021-34560
-
cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip:-
-
cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth:-
-
cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip_firmware:-
-
cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip_firmware:3.0.7
-
cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip_firmware:3.0.8
-
cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip_firmware:3.0.9
-
cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:-
-
cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:3.0.7
-
cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:3.0.8
-
cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:3.0.9