CVE-2021-33555 - Vulnerability Details - OpenCVE

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pepperl-fuchs	Wha-gw-f2d2-0-as- Z2-eth.eip Wha-gw-f2d2-0-as- Z2-eth.eip Firmware Wha-gw-f2d2-0-as-z2-eth Wha-gw-f2d2-0-as-z2-eth Firmware

Configuration 1 [-]

AND

cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-_z2-eth.eip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-_z2-eth.eip:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.vde.com/en-us/advisories/vde-2021-027

History

Tue, 17 Sep 2024 01:45:00 +0000

Type	Values Removed	Values Added
Title	A vulnerability may allow remote attackers to read arbitrary files on the server of the WirelessHART-Gateway	A vulnerability may allow remote attackers to read arbitrary files on the server of the WirelessHART-Gateway

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-08-31T10:32:52.841146Z

Updated: 2024-09-17T01:36:42.946Z

Reserved: 2021-05-24T00:00:00

Link: CVE-2021-33555

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-08-31T11:15:07.277

Modified: 2024-11-21T06:09:05.300

Link: CVE-2021-33555

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "WHA-GW-F2D2-0-AS- Z2-ETH", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "3.0.7", "status": "affected", "version": "3.0.7", "versionType": "custom"}]}, {"product": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "3.0.7", "status": "affected", "version": "3.0.7", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Pepperl+Fuchs reported this vulnerability. CERT@VDE coordinated."}], "datePublic": "2021-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-31T10:32:52", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-027"}], "solutions": [{"lang": "en", "value": "No update available."}], "source": {"advisory": "VDE-2021-027", "discovery": "INTERNAL"}, "title": "A vulnerability may allow remote attackers to read arbitrary files on the server of the WirelessHART-Gateway", "workarounds": [{"lang": "en", "value": "An external protective measure is required.\n\n* Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n* Isolate affected products from the corporate network.\n* If remote access is required, use secure methods such as virtual private networks (VPNs)."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-08-16T07:07:00.000Z", "ID": "CVE-2021-33555", "STATE": "PUBLIC", "TITLE": "A vulnerability may allow remote attackers to read arbitrary files on the server of the WirelessHART-Gateway"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WHA-GW-F2D2-0-AS- Z2-ETH", "version": {"version_data": [{"version_affected": "<=", "version_name": "3.0.7", "version_value": "3.0.7"}]}}, {"product_name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP", "version": {"version_data": [{"version_affected": "<=", "version_name": "3.0.7", "version_value": "3.0.7"}]}}]}, "vendor_name": "Phoenix Contact"}]}}, "credit": [{"lang": "eng", "value": "Pepperl+Fuchs reported this vulnerability. CERT@VDE coordinated."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en-us/advisories/vde-2021-027", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2021-027"}]}, "solution": [{"lang": "en", "value": "No update available."}], "source": {"advisory": "VDE-2021-027", "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "An external protective measure is required.\n\n* Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n* Isolate affected products from the corporate network.\n* If remote access is required, use secure methods such as virtual private networks (VPNs)."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:50:43.056Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-027"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-33555", "datePublished": "2021-08-31T10:32:52.841146Z", "dateReserved": "2021-05-24T00:00:00", "dateUpdated": "2024-09-17T01:36:42.946Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CEA99C9-1803-43FF-A5A9-9F7ABF57D355", "versionEndIncluding": "3.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth:-:*:*:*:*:*:*:*", "matchCriteriaId": "31ADD5AF-680A-4C79-B219-DAF256FD4D09", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-_z2-eth.eip_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "555E2D29-23C3-450A-A1F5-32CAD915E465", "versionEndIncluding": "3.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-_z2-eth.eip:-:*:*:*:*:*:*:*", "matchCriteriaId": "546B10DD-23E5-4A82-89D9-62CEB0669A57", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server."}, {"lang": "es", "value": "En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.7 incluy\u00e9ndola, el par\u00e1metro filename es vulnerable a ataques de salto de ruta no autenticados, permitiendo el acceso de lectura a archivos arbitrarios en el servidor"}], "id": "CVE-2021-33555", "lastModified": "2024-11-21T06:09:05.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-31T11:15:07.277", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-027"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-027"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "info@cert.vde.com", "type": "Secondary"}]}