CVE-2021-34564 — MEDIUM (5.5)

Vulnerability Description

Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Pepperl-Fuchs	Wha-Gw-F2D2-0-As-Z2-Eth Firmware	3.0.9
Pepperl-Fuchs	Wha-Gw-F2D2-0-As-Z2-Eth	-
Pepperl-Fuchs	Wha-Gw-F2D2-0-As- Z2-Eth.Eip Firmware	3.0.9
Pepperl-Fuchs	Wha-Gw-F2D2-0-As- Z2-Eth.Eip	-

Related Weaknesses (CWE)

CWE-315

References

https://cert.vde.com/en-us/advisories/vde-2021-027Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2021-027Third Party Advisory

FAQ

What is CVE-2021-34564?

CVE-2021-34564 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.

How severe is CVE-2021-34564?

CVE-2021-34564 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-34564?

Check the references section above for vendor advisories and patch information. Affected products include: Pepperl-Fuchs Wha-Gw-F2D2-0-As-Z2-Eth Firmware, Pepperl-Fuchs Wha-Gw-F2D2-0-As-Z2-Eth, Pepperl-Fuchs Wha-Gw-F2D2-0-As- Z2-Eth.Eip Firmware, Pepperl-Fuchs Wha-Gw-F2D2-0-As- Z2-Eth.Eip.