6 results (0.018 seconds)

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. En PEPPERL+FUCHS WirelessHART-Gateway versiones 3.0.7 hasta 3.0.9, los servicios SSH y telnet están activos con credenciales embebidas • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-798: Use of Hard-coded Credentials •

CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript. En PEPPERL+FUCHS WirelessHART-Gateway versiones 3.0.8 y 3.0.9, el atributo HttpOnly no es ajustado en una cookie. Esto permite que el valor de la cookie sea leído o establecido por el JavaScript del lado del cliente • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response. En PEPPERL+FUCHS WirelessHART-Gateway versión 3.0.8, es posible inyectar JavaScript arbitrario en la respuesta de la aplicación • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser. En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.8 incluyéndola, se presenta un problema grave, si la aplicación no es accesible externamente o usa restricciones de acceso basadas en IP. Los atacantes pueden usar DNS Rebinding para omitir cualquier restricción de acceso basada en IP o firewall que pueda presentarse, al hacer proxy mediante el navegador de su objetivo • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.9 incluyéndola, un formulario contiene un campo password con autocompletado habilitado. Las credenciales almacenadas pueden ser capturadas por un atacante que obtenga el control del ordenador del usuario. • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-522: Insufficiently Protected Credentials •