VYPR
Unrated severityNVD Advisory· Published Aug 31, 2021· Updated Sep 17, 2024

In WirelessHART-Gateway versions 3.0.8 and 3.0.9 the HttpOnly flag is missing in a cookie which allows client-side javascript to modify it

CVE-2021-34563

Description

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Range: 3.0.8, 3.0.9
  • Phoenix Contact/WHA-GW-F2D2-0-AS- Z2-ETHv5
    Range: 3.0.8
  • Phoenix Contact/WHA-GW-F2D2-0-AS- Z2-ETH.EIPv5
    Range: 3.0.8

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.