Learn about CVE-2021-34560, a vulnerability in WirelessHART-Gateway <= 3.0.9 that exposes sensitive information. Understand the impact, affected systems, and mitigation steps.
A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to the exposure of sensitive information.
Understanding CVE-2021-34560
This CVE describes a security issue in the WirelessHART-Gateway <= 3.0.9 that could result in the exposure of sensitive information.
What is CVE-2021-34560?
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9, a form contains a password field with autocomplete enabled. Attackers gaining control over the user's computer can capture stored credentials. The user needs to have logged in at least once.
The Impact of CVE-2021-34560
The vulnerability has a base score of 5.5, indicating medium severity. The impact on confidentiality is high, while availability and integrity are not affected. Exploitation requires user interaction, and the attack vector is local only.
Technical Details of CVE-2021-34560
Vulnerability Description
The vulnerability stems from insufficiently protected credentials in the affected WirelessHART-Gateway versions.
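A check for the condition described above (a password field whose autocomplete is left enabled), written as an added example; it is not code from the vendor or from this advisory. The sample markup, field names and the `audit` helper are constructed for illustration and do not reproduce the gateway's actual pages.

```python
from html.parser import HTMLParser

# autocomplete values that ask the browser not to fill a stored password.
# Browsers and password managers may ignore "off" on login fields, so this
# audits the markup only, not what a given browser will actually store.
SAFE_VALUES = {"off", "new-password"}

class PasswordAutocompleteAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.form_stack = []  # autocomplete setting of each open <form>
        self.findings = []    # (line, field name, effective setting)

    @staticmethod
    def _autocomplete(attrs):
        # None means the attribute is absent, so the value is inherited.
        if "autocomplete" not in attrs:
            return None
        return (attrs["autocomplete"] or "").strip().lower()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_stack.append(self._autocomplete(a))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            own = self._autocomplete(a)
            inherited = self.form_stack[-1] if self.form_stack else None
            effective = own if own is not None else inherited
            if effective not in SAFE_VALUES:
                line = self.getpos()[0]
                self.findings.append((line, a.get("name"), effective or "on (default)"))

    def handle_endtag(self, tag):
        if tag == "form" and self.form_stack:
            self.form_stack.pop()

def audit(html):
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample markup (hypothetical form and field names).
SAMPLE = """\
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pw_default">
</form>
<form action="/login2" autocomplete="off">
  <input type="password" name="pw_inherits_off">
  <input type="password" name="pw_override_on" autocomplete="on">
</form>
<input type="PASSWORD" name="pw_hardened" autocomplete="new-password">
"""

if __name__ == "__main__":
    for line, name, setting in audit(SAMPLE):
        print(f"line {line}: password field {name!r} has autocomplete {setting}")
```

A field-level `autocomplete` attribute overrides the one on its enclosing form, which is why `pw_override_on` is reported even though its form sets `off`.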
Affected Systems and Versions
Product: WHA-GW-F2D2-0-AS- Z2-ETH
Product: WHA-GW-F2D2-0-AS- Z2-ETH.EIP
Exploitation Mechanism
An attacker needs access to the user's computer to capture stored credentials.
Mitigation and Prevention
Immediate Steps to Take
To mitigate the risk:
Long-Term Security Practices
Regularly update and patch the affected systems. Implementing strong password policies and educating users on best security practices are crucial.