CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-34565 – In WirelessHART-Gateway versions 3.0.7 to 3.0.9 hard-coded credentials have been found
https://notcve.org/view.php?id=CVE-2021-34565
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. En PEPPERL+FUCHS WirelessHART-Gateway versiones 3.0.7 hasta 3.0.9, los servicios SSH y telnet están activos con credenciales embebidas • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-798: Use of Hard-coded Credentials •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-34563 – In WirelessHART-Gateway versions 3.0.8 and 3.0.9 the HttpOnly flag is missing in a cookie which allows client-side javascript to modify it
https://notcve.org/view.php?id=CVE-2021-34563
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript. En PEPPERL+FUCHS WirelessHART-Gateway versiones 3.0.8 y 3.0.9, el atributo HttpOnly no es ajustado en una cookie. Esto permite que el valor de la cookie sea leído o establecido por el JavaScript del lado del cliente • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-34560 – A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to information exposure of sensitive information
https://notcve.org/view.php?id=CVE-2021-34560
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.9 incluyéndola, un formulario contiene un campo password con autocompletado habilitado. Las credenciales almacenadas pueden ser capturadas por un atacante que obtenga el control del ordenador del usuario. • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-522: Insufficiently Protected Credentials •