CVE-2021-34565
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Phoenix Contact | WHA-GW-F2D2-0-AS- Z2-ETH | 3.0.7 < 3.0.7* | affected |
| Phoenix Contact | WHA-GW-F2D2-0-AS- Z2-ETH | 3.0.9 <= 3.0.9 | affected |
| Phoenix Contact | WHA-GW-F2D2-0-AS- Z2-ETH.EIP | 3.0.7 < 3.0.7* | affected |
| Phoenix Contact | WHA-GW-F2D2-0-AS- Z2-ETH.EIP | 3.0.9 <= 3.0.9 | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
Workarounds
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.