CVE-2021-34560
MEDIUMPEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 - Insufficiently Protected Credentials via Autocomplete Password Field
Title source: llmDescription
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2021-027
Scores
CVSS v3
5.5
EPSS
0.0020
EPSS Percentile
10.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (2)
pepperl-fuchs/wha-gw-f2d2-0-as-z2-eth.eip_firmware
< 3.0.9
pepperl-fuchs/wha-gw-f2d2-0-as-z2-eth_firmware
< 3.0.9
Published
Aug 31, 2021
Tracked Since
Feb 18, 2026