Discover the critical impact of CVE-2021-34565 found in WirelessHART-Gateway versions 3.0.7 to 3.0.9 by Phoenix Contact. Learn about the vulnerability, affected systems, and mitigation steps.
In August 2021, a critical vulnerability was discovered in WirelessHART-Gateway versions 3.0.7 to 3.0.9. The issue involves hard-coded credentials and could have a high impact on confidentiality, integrity, and availability.
Understanding CVE-2021-34565
This CVE relates to the presence of hard-coded credentials in specific products by Phoenix Contact.
What is CVE-2021-34565?
The vulnerability in WirelessHART-Gateway versions 3.0.7 to 3.0.9 allows unauthorized access due to active SSH and telnet services with hard-coded credentials.
The Impact of CVE-2021-34565
With a CVSS base score of 9.8 (Critical), the vulnerability poses a high risk to confidentiality, integrity, and availability, making it crucial to address promptly.
Technical Details of CVE-2021-34565
The technical specifics of the CVE include:
Vulnerability Description
The presence of hard-coded credentials in the SSH and telnet services of affected product versions.
Affected Systems and Versions
Products such as WHA-GW-F2D2-0-AS-Z2-ETH and WHA-GW-F2D2-0-AS-Z2-ETH.EIP by Phoenix Contact with versions 3.0.7 to 3.0.9 are impacted.
Exploitation Mechanism
Attackers can exploit this vulnerability to gain unauthorized access to the affected systems through the active SSH and telnet services.
Mitigation and Prevention
To address CVE-2021-34565, consider the following:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
As of the latest information, there are no updates available to address this vulnerability.
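With no fixed firmware listed, triage comes down to finding units in the affected range and checking whether their SSH or telnet ports are reachable. The following is an added example, not code from the advisory or the vendor; it flags inventory records that match the models and versions named above, and the CSV column names, host names, and sample rows are constructed assumptions.

```python
import csv
import io

# Models and firmware range as listed on this page for CVE-2021-34565.
AFFECTED_MODELS = {"WHA-GW-F2D2-0-AS-Z2-ETH", "WHA-GW-F2D2-0-AS-Z2-ETH.EIP"}
FIRST_AFFECTED, LAST_AFFECTED = (3, 0, 7), (3, 0, 9)
RISKY_PORTS = {22: "ssh", 23: "telnet"}

# Constructed sample inventory; hosts and column names are assumptions.
SAMPLE_INVENTORY = """host,model,firmware,open_ports
gw-plant-a,WHA-GW-F2D2-0-AS-Z2-ETH,3.0.8,22;23;443
gw-plant-b,wha-gw-f2d2-0-as- z2-eth.eip,3.0.9,443
gw-plant-c,WHA-GW-F2D2-0-AS-Z2-ETH,3.0.10,22
gw-plant-d,WHA-GW-F2D2-0-AS-Z2-ETH,3.0.6,23
gw-plant-e,WHA-GW-F2D2-0-AS-Z2-ETH,unknown,23
"""


def parse_version(text):
    """Return a tuple of ints, or None when the field is not numeric."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None


def triage(inventory_csv):
    """Map host -> (status, reachable risky services) for each record."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Normalise case and stray whitespace in the model string.
        model = "".join(row["model"].split()).upper()
        version = parse_version(row["firmware"])
        ports = {int(p) for p in row["open_ports"].split(";") if p.strip()}
        services = sorted(RISKY_PORTS[p] for p in ports & set(RISKY_PORTS))
        if model not in AFFECTED_MODELS:
            status = "ok"
        elif version is None:
            status = "unknown"  # cannot rule the unit out; verify by hand
        elif FIRST_AFFECTED <= version <= LAST_AFFECTED:
            # Tuple comparison keeps 3.0.10 outside the 3.0.7-3.0.9 range.
            status = "exposed" if services else "affected"
        else:
            status = "ok"
        findings[row["host"]] = (status, services)
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Units reported as "exposed" are the ones to isolate first; "affected" units run a vulnerable version but show neither service in the recorded port list.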