Vulnerability Details : CVE-2021-34565
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
Products affected by CVE-2021-34565
- Pepperl-fuchs » Wha-gw-f2d2-0-as-z2-eth FirmwareVersions from including (>=) 3.0.7 and up to, including, (<=) 3.0.9cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:*:*:*:*:*:*:*:*
- Pepperl-fuchs » Wha-gw-f2d2-0-as-z2-eth.eip FirmwareVersions from including (>=) 3.0.7 and up to, including, (<=) 3.0.9cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-34565
0.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 55 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-34565
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
CERT VDE | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2021-34565
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by: info@cert.vde.com (Primary)
References for CVE-2021-34565
-
https://cert.vde.com/en-us/advisories/vde-2021-027
PEPPERL+FUCHS: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service — English (USA)Third Party Advisory
Jump to