Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2021-34565 — CVSS 9.8 (critical): In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
CVE-2021-33555 — CVSS 7.5 (high): In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling…
CVE-2021-34561 — CVSS 7.5 (high): In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based…
CVE-2021-34564 — CVSS 5.5 (medium): Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the…
CVE-2021-34560 — CVSS 5.5 (medium): In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be…
CVE-2021-34559 — CVSS 5.4 (medium): In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to…
CVE-2021-34562 — CVSS 5.4 (medium): In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.
CVE-2021-34563 — CVSS 3.3 (low): In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be…