Vulnerabilities > Pepperl Fuchs

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-33555 Path Traversal vulnerability in Pepperl-Fuchs products
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
network
low complexity
pepperl-fuchs CWE-22
5.0
2021-08-31 CVE-2021-34559 HTTP Request Smuggling vulnerability in Pepperl-Fuchs products
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.
network
low complexity
pepperl-fuchs CWE-444
5.0
2021-08-31 CVE-2021-34560 Insufficiently Protected Credentials vulnerability in Pepperl-Fuchs products
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled.
local
low complexity
pepperl-fuchs CWE-522
2.1
2021-08-31 CVE-2021-34561 Reliance on Reverse DNS Resolution for a Security-Critical Action vulnerability in Pepperl-Fuchs products
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions.
6.8
2021-08-31 CVE-2021-34562 Cross-site Scripting vulnerability in Pepperl-Fuchs products
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.
4.3
2021-08-31 CVE-2021-34563 Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Pepperl-Fuchs products
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie.
local
low complexity
pepperl-fuchs CWE-1004
2.1
2021-08-31 CVE-2021-34564 Cleartext Storage of Sensitive Information in a Cookie vulnerability in Pepperl-Fuchs products
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.
local
low complexity
pepperl-fuchs CWE-315
2.1
2021-08-31 CVE-2021-34565 Use of Hard-coded Credentials vulnerability in Pepperl-Fuchs products
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
network
low complexity
pepperl-fuchs CWE-798
7.5
2021-05-13 CVE-2021-20988 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet.
network
low complexity
hilscher pepperl-fuchs CWE-119
5.0
2021-02-16 CVE-2021-20987 Out-of-bounds Write vulnerability in multiple products
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.
network
low complexity
hilscher pepperl-fuchs CWE-787
critical
9.0