CVE-2021-34560
low-risk
Published 2021-08-31
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
Do I need to act?
-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10
Medium
LOCAL
/ LOW complexity
Affected Products (2)
Wha-Gw-F2D2-0-As-Z2-Eth Firmware
Wha-Gw-F2D2-0-As-Z2-Eth.Eip Firmware
Affected Vendors
References (2)
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2021-027
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2021-027
25
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
7/34 · Low