Vulnerabilities > Pepperl Fuchs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-38501 | Cross-site Scripting vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device. | 6.1 |
| 2024-08-13 | CVE-2024-38502 | Cross-site Scripting vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once. | 7.1 |
| 2024-08-13 | CVE-2024-5849 | Cross-site Scripting vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once. | 7.1 |
| 2024-07-10 | CVE-2024-6421 | Unspecified vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service. | 7.5 |
| 2024-07-10 | CVE-2024-6422 | Missing Authentication for Critical Function vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. | 9.8 |
| 2021-08-31 | CVE-2021-33555 | Path Traversal vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | 5.0 |
| 2021-08-31 | CVE-2021-34559 | HTTP Request Smuggling vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings. | 5.3 |
| 2021-08-31 | CVE-2021-34560 | Insufficiently Protected Credentials vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. | 5.5 |
| 2021-08-31 | CVE-2021-34561 | Reliance on Reverse DNS Resolution for a Security-Critical Action vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. | 8.8 |
| 2021-08-31 | CVE-2021-34562 | Cross-site Scripting vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response. | 6.1 |