1. Home
  2. CVE Database
  3. CVE-2021-34560
MEDIUM · 5.5

CVE-2021-34560

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's compu...

Vulnerability Description

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
Pepperl-FuchsWha-Gw-F2D2-0-As-Z2-Eth Firmware<= 3.0.9
Pepperl-FuchsWha-Gw-F2D2-0-As-Z2-Eth-
Pepperl-FuchsWha-Gw-F2D2-0-As-Z2-Eth.Eip Firmware<= 3.0.9
Pepperl-FuchsWha-Gw-F2D2-0-As-Z2-Eth.Eip-

Related Weaknesses (CWE)

CWE-522

References

FAQ

What is CVE-2021-34560?

CVE-2021-34560 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's compu...

How severe is CVE-2021-34560?

CVE-2021-34560 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-34560?

Check the references section above for vendor advisories and patch information. Affected products include: Pepperl-Fuchs Wha-Gw-F2D2-0-As-Z2-Eth Firmware, Pepperl-Fuchs Wha-Gw-F2D2-0-As-Z2-Eth, Pepperl-Fuchs Wha-Gw-F2D2-0-As-Z2-Eth.Eip Firmware, Pepperl-Fuchs Wha-Gw-F2D2-0-As-Z2-Eth.Eip.