CVE-2021-34561

EUVD-2021-21211
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CERTVDECNA
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
pepperl-fuchswha-gw-f2d2-0-as-z2-eth_firmware
𝑥
≤ 3.0.8
pepperl-fuchswha-gw-f2d2-0-as-z2-eth.eip_firmware
𝑥
≤ 3.0.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en-us/advisories/vde-2021-027
https://cert.vde.com/en-us/advisories/vde-2021-027