CVE-2021-34560

MEDIUM

Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth... - Insufficiently Protected Credentials

Title source: rule

Description

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.

References (1)

[Third Party Advisory] https://cert.vde.com/en-us/advisories/vde-2021-027

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 16.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

pepperl-fuchs/wha-gw-f2d2-0-as-z2-eth_firmware < 3.0.9

pepperl-fuchs/wha-gw-f2d2-0-as-z2-eth.eip_firmware < 3.0.9

Timeline

Published Aug 31, 2021

Tracked Since Feb 18, 2026