CVE-2021-34561

Summary

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactWHA-GW-F2D2-0-AS- Z2-ETH3.0.8 <= 3.0.8affected
Phoenix ContactWHA-GW-F2D2-0-AS- Z2-ETH.EIP3.0.8 <= 3.0.8affected

Weaknesses

  • CWE-350: CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action

Workarounds

An external protective measure is required.

  • Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
  • Isolate affected products from the corporate network.
  • If remote access is required, use secure methods such as virtual private networks (VPNs).

ADP Enrichment

CVE Program Container

Additional References

References