PT-2021-20203 · Pepperl+Fuchs · Wirelesshart Gateway

Published 2021-08-31 · Updated 2021-09-08 · CVE-2021-33555

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PEPPERL+FUCHS WirelessHART-Gateway versions 3.0.7 and earlier

Description

The filename parameter is vulnerable to unauthenticated path traversal, which gives read access to arbitrary files on the server. An attacker can exploit the parameter to gain unauthorized access to sensitive data.

Recommendations

For PEPPERL+FUCHS WirelessHART-Gateway versions 3.0.7 and earlier, as a temporary workaround, consider restricting access to the filename parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
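
One way to watch for abuse of the filename parameter while no fixed version is known, shown as an added example that is not part of the advisory or any vendor material: a check that flags web requests whose filename value decodes to a path leaving the intended directory. It assumes access logs in common log format from a proxy in front of the gateway; the request path /EXAMPLE-ENDPOINT and the sample lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "filename"  # parameter named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if a filename value could escape the intended directory."""
    v = fully_decode(value).replace("\\", "/")
    if "\x00" in v or v.startswith("/") or re.match(r"^[A-Za-z]:", v):
        return True  # NUL byte, absolute path, or drive-letter path
    return ".." in v.split("/")  # a whole ".." segment, not just the substring

def suspicious_target(target):
    """Check every occurrence of the filename parameter in a request target."""
    query = urlsplit(target).query
    return any(is_traversal(val)
               for key, val in parse_qsl(query, keep_blank_values=True)
               if key.lower() == PARAM)

def scan(log_lines):
    """Return the log lines whose request carries a traversal-style filename."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and suspicious_target(m.group(1)):
            hits.append(line)
    return hits

# Constructed sample lines; /EXAMPLE-ENDPOINT is a placeholder, not the device's real path.
SAMPLE = [
    '192.0.2.10 - - [01/Sep/2021:10:00:00 +0000] "GET /EXAMPLE-ENDPOINT?filename=report.csv HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Sep/2021:10:00:05 +0000] "GET /EXAMPLE-ENDPOINT?filename=../../etc/hostname HTTP/1.1" 200 12',
    '192.0.2.12 - - [01/Sep/2021:10:00:09 +0000] "GET /EXAMPLE-ENDPOINT?filename=%252e%252e%252fconf HTTP/1.1" 200 90',
    '192.0.2.13 - - [01/Sep/2021:10:00:12 +0000] "GET /EXAMPLE-ENDPOINT?filename=logs/2021..08.txt HTTP/1.1" 200 44',
]

if __name__ == "__main__":
    print("\n".join(scan(SAMPLE)))
```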

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2021-33555

Affected Products

Wirelesshart Gateway