CVE-2021-34560 MEDIUM

CVE-2021-34560: A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to information exposure of sensitive information

Vendor Phoenix Contact
Product WHA-GW-F2D2-0-AS- Z2-ETH
Weakness CWE-522 · Insufficiently protected credentials
Published August 31, 2021
Last update September 16, 2024

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.

Key dates

02Disclosure timeline

August 31, 2021 CVE published
September 16, 2024 Record updated