Unrated severityNVD Advisory· Published Aug 31, 2021· Updated Sep 17, 2024
In WirelessHART-Gateway versions 3.0.8 and 3.0.9 the HttpOnly flag is missing in a cookie which allows client-side javascript to modify it
CVE-2021-34563
Description
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: 3.0.8, 3.0.9
- Phoenix Contact/WHA-GW-F2D2-0-AS- Z2-ETHv5Range: 3.0.8
- Phoenix Contact/WHA-GW-F2D2-0-AS- Z2-ETH.EIPv5Range: 3.0.8
Patches
Vulnerability mechanics
References
1- cert.vde.com/en-us/advisories/vde-2021-027mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.