PT-2021-20545 · Pepperl+Fuchs · Wirelesshart Gateway

Published: 2021-08-31 · Updated: 2022-09-29 · CVE-2021-34560

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: PEPPERL+FUCHS WirelessHART-Gateway versions 3.0.9 and earlier
Description: A form in the affected software contains a password field with autocomplete enabled, allowing stored credentials to be captured by an attacker who gains control over the user's computer. This can occur if the user has logged in at least once.
Recommendations: For PEPPERL+FUCHS WirelessHART-Gateway versions 3.0.9 and earlier, consider disabling the autocomplete feature for password fields as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
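
One way to check served login markup for the condition described above, as an added example that is not code from the vendor or from this advisory: a small Python audit that flags password inputs whose effective `autocomplete` setting is left enabled. The class and function names and the sample markup are hypothetical and constructed for illustration, not taken from the gateway's web interface.

```python
from html.parser import HTMLParser

# Values that tell the browser not to offer a stored credential for the field.
SAFE_VALUES = {"off", "new-password"}


class PasswordAutocompleteAudit(HTMLParser):
    """Collect password inputs whose effective autocomplete setting is enabled."""

    def __init__(self):
        super().__init__()
        self.form_autocomplete = None  # autocomplete value of the enclosing <form>
        self.findings = []             # (line number, field name) per flagged input

    def handle_starttag(self, tag, attrs):
        raw = dict(attrs)
        norm = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self.form_autocomplete = norm.get("autocomplete")
        elif tag == "input" and norm.get("type") == "password":
            # The input's own attribute overrides the form-level setting.
            effective = norm.get("autocomplete", self.form_autocomplete)
            if effective not in SAFE_VALUES:
                self.findings.append((self.getpos()[0], raw.get("name") or "<unnamed>"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_autocomplete = None


def audit(html):
    """Return [(line, name), ...] for password fields that allow autocomplete."""
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup (assumption): one default form, two hardened cases, one explicit "on".
SAMPLE = """<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
</form>
<form action="/login" method="post" autocomplete="off">
  <input type="password" name="pass_hardened">
</form>
<form action="/change">
  <input type="password" name="new" autocomplete="new-password">
  <input type="password" name="old" autocomplete="on">
</form>"""

if __name__ == "__main__":
    for line, name in audit(SAMPLE):
        print(f"line {line}: password field '{name}' allows autocomplete")
```

Several current browsers' password managers ignore `autocomplete="off"` on login fields, so a clean result here complements, rather than replaces, restricting access to the device and to the workstation used to administer it.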

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers: CVE-2021-34560

Affected Products: Wirelesshart Gateway