Vulnerabilities > Pepperl Fuchs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-38501 | Cross-site Scripting vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device. | 6.1 |
| 2021-08-31 | CVE-2021-33555 | Path Traversal vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | 5.0 |
| 2021-08-31 | CVE-2021-34559 | HTTP Request Smuggling vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings. | 5.3 |
| 2021-08-31 | CVE-2021-34560 | Insufficiently Protected Credentials vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. | 5.5 |
| 2021-08-31 | CVE-2021-34562 | Cross-site Scripting vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response. | 6.1 |
| 2021-05-13 | CVE-2021-20988 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. | 5.0 |
| 2021-02-16 | CVE-2021-20986 | Out-of-bounds Write vulnerability in multiple products A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. | 5.0 |
| 2021-01-22 | CVE-2020-12525 | Deserialization of Untrusted Data vulnerability in multiple products M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | 6.8 |
| 2021-01-22 | CVE-2020-12514 | NULL Pointer Dereference vulnerability in Pepperl-Fuchs products Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd | 4.0 |
| 2021-01-22 | CVE-2020-12511 | Cross-Site Request Forgery (CSRF) vulnerability in Pepperl-Fuchs products Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. | 6.8 |