CVE-2021-34565

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CERTVDECNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
pepperl-fuchswha-gw-f2d2-0-as-z2-eth_firmware
3.0.7 ≤
𝑥
≤ 3.0.9
pepperl-fuchswha-gw-f2d2-0-as-z2-eth.eip_firmware
3.0.7 ≤
𝑥
≤ 3.0.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en-us/advisories/vde-2021-027
https://cert.vde.com/en-us/advisories/vde-2021-027