nvd-json-data-feeds/CVE-2021/CVE-2021-345xx/CVE-2021-34560.json

{
  "id": "CVE-2021-34560",
  "sourceIdentifier": "info@cert.vde.com",
  "published": "2021-08-31T11:15:07.407",
  "lastModified": "2022-09-29T15:24:49.683",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once."
    },
    {
      "lang": "es",
      "value": "En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.9 incluy\u00e9ndola, un formulario contiene un campo password con autocompletado habilitado. Las credenciales almacenadas pueden ser capturadas por un atacante que obtenga el control del ordenador del usuario. Por lo tanto, el usuario debe haber iniciado la sesi\u00f3n al menos una vez"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "info@cert.vde.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      },
      {
        "source": "nvd@nist.gov",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ]
    },
    {
      "source": "info@cert.vde.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "3.0.9",
              "matchCriteriaId": "EA0FB0B3-65DD-4AE8-A750-9A70339E033E"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31ADD5AF-680A-4C79-B219-DAF256FD4D09"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip_firmware:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "3.0.9",
              "matchCriteriaId": "A9E1F6EF-1F42-469C-B094-5EC6356C91AA"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B743365-D2E7-4C47-B98B-CD5AFDC1B540"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-027",
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}