Vulnerabilities > CVE-2021-34563 - Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Pepperl-Fuchs products

047910
CVSS 3.3 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
local
low complexity
pepperl-fuchs
CWE-1004

Summary

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.

Common Weakness Enumeration (CWE)