Vulnerabilities > Pepperl Fuchs

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-34563 Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Pepperl-Fuchs products
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie.
local
low complexity
pepperl-fuchs CWE-1004
3.3
2021-08-31 CVE-2021-34564 Cleartext Storage of Sensitive Information in a Cookie vulnerability in Pepperl-Fuchs products
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.
local
low complexity
pepperl-fuchs CWE-315
5.5
2021-08-31 CVE-2021-34565 Use of Hard-coded Credentials vulnerability in Pepperl-Fuchs products
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
network
low complexity
pepperl-fuchs CWE-798
critical
9.8
2021-05-13 CVE-2021-20988 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Hilscher rcX RTOS versions prior to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet.
network
low complexity
hilscher pepperl-fuchs CWE-119
7.5
2021-02-16 CVE-2021-20987 Out-of-bounds Write vulnerability in multiple products
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21 that may lead to code injection through network or make devices crash without recovery.
network
low complexity
hilscher pepperl-fuchs CWE-787
8.6
2021-02-16 CVE-2021-20986 Out-of-bounds Write vulnerability in multiple products
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7.
network
low complexity
hilscher pepperl-fuchs CWE-787
7.5
2021-01-22 CVE-2020-12525 Deserialization of Untrusted Data vulnerability in multiple products
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
7.8
2021-01-22 CVE-2020-12514 NULL Pointer Dereference vulnerability in Pepperl-Fuchs products
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd.
network
low complexity
pepperl-fuchs CWE-476
4.9
2021-01-22 CVE-2020-12513 OS Command Injection vulnerability in Pepperl-Fuchs products
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
network
low complexity
pepperl-fuchs CWE-78
8.8
2021-01-22 CVE-2020-12512 Cross-site Scripting vulnerability in Pepperl-Fuchs products
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting.
network
low complexity
pepperl-fuchs CWE-79
5.4