CVE-2021-33555 - OpenCVE

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Pepperl-fuchs	Wha-gw-f2d2-0-as- Z2-eth.eip Firmware Wha-gw-f2d2-0-as-z2-eth Wha-gw-f2d2-0-as- Z2-eth.eip Wha-gw-f2d2-0-as-z2-eth Firmware

Configuration 1 [-]

AND

cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-_z2-eth.eip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-_z2-eth.eip:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert.vde.com/en-us/advisories/vde-2021-027	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-08-16T00:00:00

Updated: 2021-08-31T10:32:52

Reserved: 2021-05-24T00:00:00

Link: CVE-2021-33555

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-31T11:15:07.277

Modified: 2021-09-08T15:15:32.290

Link: CVE-2021-33555

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "WHA-GW-F2D2-0-AS- Z2-ETH", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "3.0.7", "status": "affected", "version": "3.0.7", "versionType": "custom"}]}, {"product": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "3.0.7", "status": "affected", "version": "3.0.7", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Pepperl+Fuchs reported this vulnerability. CERT@VDE coordinated."}], "datePublic": "2021-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-31T10:32:52", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-027"}], "solutions": [{"lang": "en", "value": "No update available."}], "source": {"advisory": "VDE-2021-027", "discovery": "INTERNAL"}, "title": "A vulnerability may allow remote attackers to read arbitrary files on the server of the WirelessHART-Gateway ", "workarounds": [{"lang": "en", "value": "An external protective measure is required.\n\n* Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n* Isolate affected products from the corporate network.\n* If remote access is required, use secure methods such as virtual private networks (VPNs)."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-08-16T07:07:00.000Z", "ID": "CVE-2021-33555", "STATE": "PUBLIC", "TITLE": "A vulnerability may allow remote attackers to read arbitrary files on the server of the WirelessHART-Gateway "}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WHA-GW-F2D2-0-AS- Z2-ETH", "version": {"version_data": [{"version_affected": "<=", "version_name": "3.0.7", "version_value": "3.0.7"}]}}, {"product_name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP", "version": {"version_data": [{"version_affected": "<=", "version_name": "3.0.7", "version_value": "3.0.7"}]}}]}, "vendor_name": "Phoenix Contact"}]}}, "credit": [{"lang": "eng", "value": "Pepperl+Fuchs reported this vulnerability. CERT@VDE coordinated."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en-us/advisories/vde-2021-027", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2021-027"}]}, "solution": [{"lang": "en", "value": "No update available."}], "source": {"advisory": "VDE-2021-027", "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "An external protective measure is required.\n\n* Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n* Isolate affected products from the corporate network.\n* If remote access is required, use secure methods such as virtual private networks (VPNs)."}]}}}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-33555", "datePublished": "2021-08-16T00:00:00", "dateReserved": "2021-05-24T00:00:00", "dateUpdated": "2021-08-31T10:32:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CEA99C9-1803-43FF-A5A9-9F7ABF57D355", "versionEndIncluding": "3.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth:-:*:*:*:*:*:*:*", "matchCriteriaId": "31ADD5AF-680A-4C79-B219-DAF256FD4D09", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-_z2-eth.eip_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "555E2D29-23C3-450A-A1F5-32CAD915E465", "versionEndIncluding": "3.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-_z2-eth.eip:-:*:*:*:*:*:*:*", "matchCriteriaId": "546B10DD-23E5-4A82-89D9-62CEB0669A57", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server."}, {"lang": "es", "value": "En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.7 incluy\u00e9ndola, el par\u00e1metro filename es vulnerable a ataques de salto de ruta no autenticados, permitiendo el acceso de lectura a archivos arbitrarios en el servidor"}], "id": "CVE-2021-33555", "lastModified": "2021-09-08T15:15:32.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2021-08-31T11:15:07.277", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-027"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "info@cert.vde.com", "type": "Primary"}]}