Page 2 of 8 results (0.005 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.9 incluyéndola, un formulario contiene un campo password con autocompletado habilitado. Las credenciales almacenadas pueden ser capturadas por un atacante que obtenga el control del ordenador del usuario. • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-522: Insufficiently Protected Credentials •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings. En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.8 incluyéndola, una vulnerabilidad puede permitir a atacantes remotos reescribir enlaces y URLs en las páginas cache a cadenas arbitrarias • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.7 incluyéndola, el parámetro filename es vulnerable a ataques de salto de ruta no autenticados, permitiendo el acceso de lectura a archivos arbitrarios en el servidor • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •