First published: Tue Aug 31 2021(Updated: )
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware | =3.0.8 | |
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware | =3.0.9 | |
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth | ||
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip Firmware | =3.0.8 | |
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip Firmware | =3.0.9 | |
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip |
No update available.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-34563.
The severity of CVE-2021-34563 is low.
PEPPERL+FUCHS WirelessHART-Gateway versions 3.0.8 and 3.0.9 are affected.
This vulnerability allows the cookie's value to be read or set by client-side JavaScript.
No information regarding a fix for this vulnerability is provided.