CVE-2021-34565

Summary

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactWHA-GW-F2D2-0-AS- Z2-ETH3.0.7 < 3.0.7*affected
Phoenix ContactWHA-GW-F2D2-0-AS- Z2-ETH3.0.9 <= 3.0.9affected
Phoenix ContactWHA-GW-F2D2-0-AS- Z2-ETH.EIP3.0.7 < 3.0.7*affected
Phoenix ContactWHA-GW-F2D2-0-AS- Z2-ETH.EIP3.0.9 <= 3.0.9affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

Workarounds

An external protective measure is required.

  • Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
  • Isolate affected products from the corporate network.
  • If remote access is required, use secure methods such as virtual private networks (VPNs).

ADP Enrichment

CVE Program Container

Additional References

References