Vulnerabilities (CVE)

Filtered by vendor Pepperl-fuchs Subscribe
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-6422 1 Pepperl-fuchs 8 Oit1500-f113-b12-cb, Oit1500-f113-b12-cb Firmware, Oit200-f113-b12-cb and 5 more 2024-11-21 N/A 9.8 CRITICAL
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.
CVE-2024-6421 1 Pepperl-fuchs 8 Oit1500-f113-b12-cb, Oit1500-f113-b12-cb Firmware, Oit200-f113-b12-cb and 5 more 2024-11-21 N/A 7.5 HIGH
An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service.
CVE-2021-34565 1 Pepperl-fuchs 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
CVE-2021-34564 1 Pepperl-fuchs 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.
CVE-2021-34563 1 Pepperl-fuchs 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more 2024-11-21 2.1 LOW 3.3 LOW
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
CVE-2021-34562 1 Pepperl-fuchs 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more 2024-11-21 4.3 MEDIUM 5.4 MEDIUM
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.
CVE-2021-34561 1 Pepperl-fuchs 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more 2024-11-21 6.8 MEDIUM 7.5 HIGH
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser.
CVE-2021-34560 1 Pepperl-fuchs 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more 2024-11-21 2.1 LOW 5.5 MEDIUM
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
CVE-2021-34559 1 Pepperl-fuchs 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more 2024-11-21 5.0 MEDIUM 5.4 MEDIUM
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.
CVE-2021-33555 1 Pepperl-fuchs 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
CVE-2021-20988 2 Hilscher, Pepperl-fuchs 17 Rcx Rtos, Ice1-16di-g60l-v1d, Ice1-16di-g60l-v1d Firmware and 14 more 2024-11-21 5.0 MEDIUM 8.6 HIGH
In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device.
CVE-2021-20987 2 Hilscher, Pepperl-fuchs 23 Ethernet\/ip Adapter, Ethernet\/ip Adapter Firmware, Pcv100-f200-b25-v1d-6011 and 20 more 2024-11-21 7.8 HIGH 8.6 HIGH
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.
CVE-2021-20986 2 Hilscher, Pepperl-fuchs 73 Profinet Io Device, Profinet Io Device Firmware, Ohv-f230-b17 and 70 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.
CVE-2020-12525 4 Emerson, Pepperl-fuchs, Wago and 1 more 19 Rosemount Transmitter Interface Software, Io-link Master 4-eip, Io-link Master 4-pnio and 16 more 2024-11-21 6.8 MEDIUM 7.3 HIGH
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12514 1 Pepperl-fuchs 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more 2024-11-21 4.0 MEDIUM 6.6 MEDIUM
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12513 1 Pepperl-fuchs 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more 2024-11-21 9.0 HIGH 7.5 HIGH
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12512 1 Pepperl-fuchs 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more 2024-11-21 3.5 LOW 7.5 HIGH
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12511 1 Pepperl-fuchs 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
CVE-2020-12504 3 Korenix, Pepperl-fuchs, Westermo 58 Jetwave 2212g, Jetwave 2212g Firmware, Jetwave 2212s and 55 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.
CVE-2020-12503 2 Korenix, Pepperl-fuchs 56 Jetnet 4510, Jetnet 4510 Firmware, Jetnet 4706 and 53 more 2024-11-21 6.5 MEDIUM 7.2 HIGH
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.