VDB

CVE-2021-34560

CVE-2021-34560 PUBLISHED CVSS 5.5 MEDIUM

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.

EPSS 0.05% · 16.7th percentile

Risk Scores

CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
0.05%
16.7th percentile

Affected Products

VendorProductVersions
Phoenix ContactWHA-GW-F2D2-0-AS- Z2-ETH.EIP3.0.9
pepperl-fuchswha-gw-f2d2-0-as-z2-eth_firmware0
Phoenix ContactWHA-GW-F2D2-0-AS- Z2-ETH3.0.9
pepperl-fuchswha-gw-f2d2-0-as-z2-eth.eip_firmware0

Timeline

  • Aug 31, 2021 CVE Published
  • Sep 1, 2021 EPSS Score
  • Oct 29, 2021 EPSS Score
  • Dec 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 22, 2022 EPSS Score
  • Apr 21, 2022 EPSS Score
  • Jun 17, 2022 EPSS Score
  • Aug 15, 2022 EPSS Score
  • Oct 12, 2022 EPSS Score
  • Dec 9, 2022 EPSS Score
  • Feb 5, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›