CVE-2021-34561 - OpenCVE

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Pepperl-fuchs	Wha-gw-f2d2-0-as-z2-eth.eip Wha-gw-f2d2-0-as-z2-eth Wha-gw-f2d2-0-as-z2-eth.eip Firmware Wha-gw-f2d2-0-as-z2-eth Firmware

Configuration 1 [-]

AND

cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert.vde.com/en-us/advisories/vde-2021-027	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-08-16T00:00:00

Updated: 2021-08-31T10:32:56

Reserved: 2021-06-10T00:00:00

Link: CVE-2021-34561

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-31T11:15:07.467

Modified: 2022-09-29T15:24:29.143

Link: CVE-2021-34561

JSON object: View

Redhat Information

No data.

CWE

CWE-350

{"containers": {"cna": {"affected": [{"product": "WHA-GW-F2D2-0-AS- Z2-ETH", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "3.0.8", "status": "affected", "version": "3.0.8", "versionType": "custom"}]}, {"product": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "3.0.8", "status": "affected", "version": "3.0.8", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Pepperl+Fuchs reported this vulnerability. CERT@VDE coordinated."}], "datePublic": "2021-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-350", "description": "CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-31T10:32:56", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-027"}], "solutions": [{"lang": "en", "value": "No update available."}], "source": {"advisory": "VDE-2021-027", "discovery": "INTERNAL"}, "title": "A vulnerability in WirelessHART-Gateway <= 3.0.8 allows to bypass any IP or firewall based access restrictions through DNS rebinding", "workarounds": [{"lang": "en", "value": "An external protective measure is required.\n\n* Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n* Isolate affected products from the corporate network.\n* If remote access is required, use secure methods such as virtual private networks (VPNs)."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-08-16T07:07:00.000Z", "ID": "CVE-2021-34561", "STATE": "PUBLIC", "TITLE": "A vulnerability in WirelessHART-Gateway <= 3.0.8 allows to bypass any IP or firewall based access restrictions through DNS rebinding"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WHA-GW-F2D2-0-AS- Z2-ETH", "version": {"version_data": [{"version_affected": "<=", "version_name": "3.0.8", "version_value": "3.0.8"}]}}, {"product_name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP", "version": {"version_data": [{"version_affected": "<=", "version_name": "3.0.8", "version_value": "3.0.8"}]}}]}, "vendor_name": "Phoenix Contact"}]}}, "credit": [{"lang": "eng", "value": "Pepperl+Fuchs reported this vulnerability. CERT@VDE coordinated."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en-us/advisories/vde-2021-027", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2021-027"}]}, "solution": [{"lang": "en", "value": "No update available."}], "source": {"advisory": "VDE-2021-027", "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "An external protective measure is required.\n\n* Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n* Isolate affected products from the corporate network.\n* If remote access is required, use secure methods such as virtual private networks (VPNs)."}]}}}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34561", "datePublished": "2021-08-16T00:00:00", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2021-08-31T10:32:56", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D28EDBE-97CB-4253-9BC2-9B97B03B411A", "versionEndIncluding": "3.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth:-:*:*:*:*:*:*:*", "matchCriteriaId": "31ADD5AF-680A-4C79-B219-DAF256FD4D09", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EE619F0-14C8-4670-A1CA-D6B261E63E6F", "versionEndIncluding": "3.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:pepperl-fuchs:wha-gw-f2d2-0-as-z2-eth.eip:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B743365-D2E7-4C47-B98B-CD5AFDC1B540", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser."}, {"lang": "es", "value": "En PEPPERL+FUCHS WirelessHART-Gateway versiones anteriores a 3.0.8 incluy\u00e9ndola, se presenta un problema grave, si la aplicaci\u00f3n no es accesible externamente o usa restricciones de acceso basadas en IP. Los atacantes pueden usar DNS Rebinding para omitir cualquier restricci\u00f3n de acceso basada en IP o firewall que pueda presentarse, al hacer proxy mediante el navegador de su objetivo"}], "id": "CVE-2021-34561", "lastModified": "2022-09-29T15:24:29.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2021-08-31T11:15:07.467", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-027"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-350"}], "source": "info@cert.vde.com", "type": "Primary"}]}