CVE-2021-34563

Name of the Vulnerable Software and Affected Versions: PEPPERL+FUCHS WirelessHART-Gateway versions 3.0.8 through 3.0.9

Description: The issue concerns the absence of the HttpOnly attribute on a cookie, allowing its value to be accessed or modified by client-side JavaScript. This could potentially lead to unauthorized access or manipulation of sensitive information.

Recommendations: For versions 3.0.8 and 3.0.9, consider setting the HttpOnly attribute on the cookie to prevent client-side JavaScript from accessing its value. As a temporary workaround, restrict access to sensitive information stored in cookies until a patch is available.