First published: Tue Aug 31 2021(Updated: )
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware | <=3.0.7 | |
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth | ||
Pepperl-fuchs Wha-gw-f2d2-0-as- Z2-eth.eip Firmware | <=3.0.7 | |
Pepperl-fuchs Wha-gw-f2d2-0-as- Z2-eth.eip |
No update available.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-33555 is a vulnerability in PEPPERL+FUCHS WirelessHART- Gateway <= 3.0.7 that allows unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
CVE-2021-33555 has a severity rating of 7.5 (high).
PEPPERL+FUCHS WirelessHART-Gateway versions up to and including 3.0.7 are affected by CVE-2021-33555.
An attacker can exploit CVE-2021-33555 by using unauthenticated path traversal attacks to gain read access to arbitrary files on the server.
It is recommended to update to a version of PEPPERL+FUCHS WirelessHART-Gateway that is not affected by CVE-2021-33555.