Shodan
Vulnerabilities
Vulnerable Software
Pepperl-Fuchs:  Security Vulnerabilities
CVE-2024-5849
An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.
CVSS Score
7.1
EPSS Score
0.003
Published
2024-08-13
CVE-2024-38501
An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-13
CVE-2024-38502
An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.
CVSS Score
7.1
EPSS Score
0.003
Published
2024-08-13
CVE-2024-6421
An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-07-10
CVE-2024-6422
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-07-10
CVE-2021-33555
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-08-31
CVE-2021-34559
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-08-31
CVE-2021-34560
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-08-31
CVE-2021-34561
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-08-31
CVE-2021-34562
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-08-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved