VDB

CVE-2021-34563

CVE-2021-34563 PUBLISHED CVSS 3.299999952316284 LOW

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.

EPSS 0.05% · 15.1th percentile

Risk Scores

CVSS 3.1
3.299999952316284
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score
0.05%
15.1th percentile

Affected Products

VendorProductVersions
pepperl-fuchswha-gw-f2d2-0-as-z2-eth_firmware3.0.9, 3.0.8
Phoenix ContactWHA-GW-F2D2-0-AS- Z2-ETH.EIP3.0.8, 3.0.9
pepperl-fuchswha-gw-f2d2-0-as-z2-eth.eip_firmware3.0.9, 3.0.8
Phoenix ContactWHA-GW-F2D2-0-AS- Z2-ETH3.0.8, 3.0.9

Exploit Intelligence

Timeline

  • Aug 31, 2021 CVE Published
  • Sep 1, 2021 EPSS Score
  • Oct 29, 2021 EPSS Score
  • Dec 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 22, 2022 EPSS Score
  • Apr 21, 2022 EPSS Score
  • Jun 18, 2022 EPSS Score
  • Aug 16, 2022 EPSS Score
  • Oct 13, 2022 EPSS Score
  • Dec 10, 2022 EPSS Score
  • Feb 6, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›