Details of VAR-202108-2171

ID

VAR-202108-2171

CVE

CVE-2021-34560

TITLE

PEPPERL+FUCHS WirelessHART-Gateway Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011393

DESCRIPTION

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. PEPPERL+FUCHS WirelessHART-Gateway There are vulnerabilities in inadequate protection of credentials.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-34560 // JVNDB: JVNDB-2021-011393 // VULMON: CVE-2021-34560

IOT TAXONOMY

category:

['network device']

sub_category:

gateway

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	pepperl fuchs	model:	wha-gw-f2d2-0-as-z2-eth.eip	scope:	lte	version:	3.0.9	Trust: 1.0
vendor:	pepperl fuchs	model:	wha-gw-f2d2-0-as-z2-eth	scope:	lte	version:	3.0.9	Trust: 1.0
vendor:	ピーアンドエフ	model:	wha-gw-f2d2-0-as-z2-eth	scope:	-	version:	-	Trust: 0.8
vendor:	ピーアンドエフ	model:	wha-gw-f2d2-0-as- z2-eth.eip	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-011393 // NVD: CVE-2021-34560

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34560
value:	MEDIUM
Trust: 1.0
info@cert.vde.com:	CVE-2021-34560
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-34560
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202108-2767
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-34560
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-34560
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-34560
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
info@cert.vde.com:	CVE-2021-34560
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-34560
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-34560 // JVNDB: JVNDB-2021-011393 // CNNVD: CNNVD-202108-2767 // NVD: CVE-2021-34560 // NVD: CVE-2021-34560

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-011393 // NVD: CVE-2021-34560

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2767

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202108-2767

PATCH

title:	top page	url:	https://www.pepperl-fuchs.com/japan/ja/index.htm	Trust: 0.8
title:	Pepperl Fuchs WirelessHART-Gateway Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161346	Trust: 0.6

sources: JVNDB: JVNDB-2021-011393 // CNNVD: CNNVD-202108-2767

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34560	Trust: 3.4
db:	CERT@VDE	id:	VDE-2021-027	Trust: 2.5
db:	ICS CERT	id:	ICSA-22-097-01	Trust: 1.4
db:	JVN	id:	JVNVU94847990	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-011393	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.1512	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-2767	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2021-34560	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-34560 // JVNDB: JVNDB-2021-011393 // CNNVD: CNNVD-202108-2767 // NVD: CVE-2021-34560

REFERENCES

url:	https://cert.vde.com/en-us/advisories/vde-2021-027	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34560	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu94847990/index.html	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-097-01	Trust: 0.8
url:	https://cert.vde.com/en/advisories/vde-2021-027/	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1512	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-34560 // JVNDB: JVNDB-2021-011393 // CNNVD: CNNVD-202108-2767 // NVD: CVE-2021-34560

CREDITS

CERT@VDE coordinated these vulnerabilities with Pepperl+Fuchs.

Trust: 0.6

sources: CNNVD: CNNVD-202108-2767

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2021-34560
db:	JVNDB	id:	JVNDB-2021-011393
db:	CNNVD	id:	CNNVD-202108-2767
db:	NVD	id:	CVE-2021-34560

LAST UPDATE DATE

2025-01-30T19:36:55.733000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-34560	date:	2021-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-011393	date:	2022-07-28T07:47:00
db:	CNNVD	id:	CNNVD-202108-2767	date:	2022-04-08T00:00:00
db:	NVD	id:	CVE-2021-34560	date:	2022-09-29T15:24:49.683

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-34560	date:	2021-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2021-011393	date:	2022-07-28T00:00:00
db:	CNNVD	id:	CNNVD-202108-2767	date:	2021-08-31T00:00:00
db:	NVD	id:	CVE-2021-34560	date:	2021-08-31T11:15:07.407