Aggregates CVE and security vulnerability intelligence across all pepperl-fuchs-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk path handling and vendor risk buffer overflow and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-5849 | An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once. | [email protected] | 7.1 | 0.58% | 2024-08-13 | 2024-08-22 |
| CVE-2024-38502 | An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once. | [email protected] | 7.1 | 0.58% | 2024-08-13 | 2024-08-22 |
| CVE-2024-38501 | An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device. | [email protected] | 6.1 | 0.36% | 2024-08-13 | 2024-08-22 |
| CVE-2024-6422 | An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. | [email protected] | 9.8 | 1.86% | 2024-07-10 | 2024-11-21 |
| CVE-2024-6421 | An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service. | [email protected] | 7.5 | 0.49% | 2024-07-10 | 2025-08-22 |
| CVE-2021-34565 | In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. | [email protected] | 9.8 | 0.35% | 2021-08-31 | 2024-11-21 |
| CVE-2021-34564 | Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9. | [email protected] | 5.5 | 0.03% | 2021-08-31 | 2024-11-21 |
| CVE-2021-34563 | In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript. | [email protected] | 3.3 | 0.05% | 2021-08-31 | 2024-11-21 |
| CVE-2021-34562 | In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response. | [email protected] | 5.4 | 0.22% | 2021-08-31 | 2024-11-21 |
| CVE-2021-34561 | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser. | [email protected] | 7.5 | 0.33% | 2021-08-31 | 2024-11-21 |
| CVE-2021-34560 | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. | [email protected] | 5.5 | 0.05% | 2021-08-31 | 2024-11-21 |
| CVE-2021-34559 | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings. | [email protected] | 5.4 | 0.31% | 2021-08-31 | 2024-11-21 |
| CVE-2021-33555 | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | [email protected] | 7.5 | 0.90% | 2021-08-31 | 2024-11-21 |
| CVE-2021-20988 | In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device. | [email protected] | 8.6 | 0.28% | 2021-05-13 | 2024-11-21 |
| CVE-2021-20987 | A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery. | [email protected] | 8.6 | 0.37% | 2021-02-16 | 2024-11-21 |
| CVE-2021-20986 | A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication. | [email protected] | 7.5 | 0.54% | 2021-02-16 | 2024-11-21 |
| CVE-2020-12525 | M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | [email protected] | 7.3 | 0.11% | 2021-01-22 | 2024-11-21 |
| CVE-2020-12514 | Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd | [email protected] | 6.6 | 0.45% | 2021-01-22 | 2024-11-21 |
| CVE-2020-12513 | Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. | [email protected] | 7.5 | 8.89% | 2021-01-22 | 2024-11-21 |
| CVE-2020-12512 | Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting | [email protected] | 7.5 | 0.72% | 2021-01-22 | 2024-11-21 |