ID
VAR-202108-0982
CVE
CVE-2021-34562
TITLE
PEPPERL+FUCHS WirelessHART-Gateway Cross-site scripting vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2021-011300
DESCRIPTION
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response. PEPPERL+FUCHS WirelessHART-Gateway Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Trust: 1.71
sources:
NVD: CVE-2021-34562 //
JVNDB: JVNDB-2021-011300 //
VULMON: CVE-2021-34562
IOT TAXONOMY
| category: | ['network device'] | sub_category: | gateway | Trust: 0.1 |
sources:
OTHER: None
AFFECTED PRODUCTS
| vendor: | pepperl fuchs | model: | wha-gw-f2d2-0-as-z2-eth.eip | scope: | eq | version: | 3.0.8 | Trust: 1.0 |
| vendor: | pepperl fuchs | model: | wha-gw-f2d2-0-as-z2-eth | scope: | eq | version: | 3.0.8 | Trust: 1.0 |
| vendor: | ピーアンドエフ | model: | wha-gw-f2d2-0-as- z2-eth.eip | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ピーアンドエフ | model: | wha-gw-f2d2-0-as-z2-eth | scope: | - | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-011300 //
NVD: CVE-2021-34562
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULMON: CVE-2021-34562 //
JVNDB: JVNDB-2021-011300 //
CNNVD: CNNVD-202108-2771 //
NVD: CVE-2021-34562 //
NVD: CVE-2021-34562
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.0 |
| problemtype: | Cross-site scripting (CWE-79) [ others ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-011300 //
NVD: CVE-2021-34562
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202108-2771
TYPE
XSS
Trust: 0.6
sources:
CNNVD: CNNVD-202108-2771
PATCH
| title: | top page | url: | https://www.pepperl-fuchs.com/japan/ja/index.htm | Trust: 0.8 |
| title: | Pepperl Fuchs WirelessHART-Gateway Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161350 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2021-011300 //
CNNVD: CNNVD-202108-2771
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-34562 | Trust: 3.4 |
| db: | CERT@VDE | id: | VDE-2021-027 | Trust: 2.5 |
| db: | ICS CERT | id: | ICSA-22-097-01 | Trust: 1.4 |
| db: | JVN | id: | JVNVU94847990 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2021-011300 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2022.1512 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202108-2771 | Trust: 0.6 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
| db: | VULMON | id: | CVE-2021-34562 | Trust: 0.1 |
sources:
OTHER: None //
VULMON: CVE-2021-34562 //
JVNDB: JVNDB-2021-011300 //
CNNVD: CNNVD-202108-2771 //
NVD: CVE-2021-34562
REFERENCES
| url: | https://cert.vde.com/en-us/advisories/vde-2021-027 | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-34562 | Trust: 1.4 |
| url: | https://jvn.jp/vu/jvnvu94847990/ | Trust: 0.8 |
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-22-097-01 | Trust: 0.8 |
| url: | https://cert.vde.com/en/advisories/vde-2021-027/ | Trust: 0.8 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2022.1512 | Trust: 0.6 |
| url: | https://ieeexplore.ieee.org/abstract/document/10769424 | Trust: 0.1 |
| url: | https://cwe.mitre.org/data/definitions/79.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
OTHER: None //
VULMON: CVE-2021-34562 //
JVNDB: JVNDB-2021-011300 //
CNNVD: CNNVD-202108-2771 //
NVD: CVE-2021-34562
CREDITS
CERT@VDE coordinated these vulnerabilities with Pepperl+Fuchs.
Trust: 0.6
sources:
CNNVD: CNNVD-202108-2771
SOURCES
| db: | OTHER | id: | - |
| db: | VULMON | id: | CVE-2021-34562 |
| db: | JVNDB | id: | JVNDB-2021-011300 |
| db: | CNNVD | id: | CNNVD-202108-2771 |
| db: | NVD | id: | CVE-2021-34562 |
LAST UPDATE DATE
2025-01-30T19:36:44.728000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2021-34562 | date: | 2021-09-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-011300 | date: | 2022-07-26T05:36:00 |
| db: | CNNVD | id: | CNNVD-202108-2771 | date: | 2022-04-08T00:00:00 |
| db: | NVD | id: | CVE-2021-34562 | date: | 2022-09-29T15:24:52.920 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2021-34562 | date: | 2021-08-31T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-011300 | date: | 2022-07-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-202108-2771 | date: | 2021-08-31T00:00:00 |
| db: | NVD | id: | CVE-2021-34562 | date: | 2021-08-31T11:15:07.527 |