Pepperl-Fuchs: >> Wha-Gw-F2d2-0-As-Z2-Eth Firmware >> 3.0.9 Security Vulnerabilities
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-08-31
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
CVSS Score
3.3
EPSS Score
0.001
Published
2021-08-31
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-08-31
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-08-31