Описание
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.9 (включая)
Одновременно
cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 3.0.9 (включая)
Одновременно
cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip:-:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00052
Низкий
5.5 Medium
CVSS3
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-522
CWE-522
Связанные уязвимости
CVSS3: 5.5
github
больше 3 лет назад
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
EPSS
Процентиль: 17%
0.00052
Низкий
5.5 Medium
CVSS3
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-522
CWE-522