CVE-2021-34560

Summary

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactWHA-GW-F2D2-0-AS- Z2-ETH3.0.9 <= 3.0.9affected
Phoenix ContactWHA-GW-F2D2-0-AS- Z2-ETH.EIP3.0.9 <= 3.0.9affected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

Workarounds

An external protective measure is required.

  • Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
  • Isolate affected products from the corporate network.
  • If remote access is required, use secure methods such as virtual private networks (VPNs).

ADP Enrichment

CVE Program Container

Additional References

References