CVE-2021-34560 – A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to information exposure of sensitive information
https://notcve.org/view.php?id=CVE-2021-34560
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.9 incluyéndola, un formulario contiene un campo password con autocompletado habilitado. Las credenciales almacenadas pueden ser capturadas por un atacante que obtenga el control del ordenador del usuario. • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-522: Insufficiently Protected Credentials •
CVE-2021-34559 – A vulnerability in WirelessHART-Gateway <= 3.0.8 may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings
https://notcve.org/view.php?id=CVE-2021-34559
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings. En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.8 incluyéndola, una vulnerabilidad puede permitir a atacantes remotos reescribir enlaces y URLs en las páginas cache a cadenas arbitrarias • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2021-33555 – A vulnerability may allow remote attackers to read arbitrary files on the server of the WirelessHART-Gateway
https://notcve.org/view.php?id=CVE-2021-33555
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.7 incluyéndola, el parámetro filename es vulnerable a ataques de salto de ruta no autenticados, permitiendo el acceso de lectura a archivos arbitrarios en el servidor • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-20988 – Hilscher rcX RTOS: Wrong handling of the UDP checksum
https://notcve.org/view.php?id=CVE-2021-20988
In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device. En Hilscher rcX RTOS versiones anteriores a V2.1.14.1, la longitud real del paquete UDP no es verificado con la longitud indicada por el paquete. Esto puede resultar a una denegación de servicio del dispositivo afectado • https://cert.vde.com/de-de/advisories/vde-2021-018 https://kb.hilscher.com/display/ISMS/2019-04-10+Wrong+handling+of+the+UDP+checksum • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-20987 – Hilscher: EtherNet/IP stack crash for specific CIP service
https://notcve.org/view.php?id=CVE-2021-20987
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery. Se encontró una vulnerabilidad de denegación de servicio y corrupción de memoria en Hilscher EtherNet/IP Core versiones V2 anteriores a V2.13.0.21, que puede conllevar a una inyección de código a través de la red o hacer que los dispositivos se bloqueen sin recuperación • https://cert.vde.com/en-us/advisories/vde-2021-007 https://kb.hilscher.com/pages/viewpage.action?pageId=108969480 • CWE-787: Out-of-bounds Write •