Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
In WirelessHART-Gateway versions 3.0.8 and 3.0.9 the HttpOnly flag is missing in a cookie which allows client-side javascript to modify it
Vulnerability Description
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
没有’HttpOnly’标志的敏感Cookie
Vulnerability Title
Pepperl Fuchs WirelessHART-Gateway安全漏洞
Vulnerability Description
Pepperl Fuchs WirelessHART-Gateway是德国Pepperl Fuchs公司的一款网关设备。 Pepperl Fuchs WirelessHART-Gateway 3.0.8 和 3.0.9版本存在安全漏洞,该漏洞源于HttpOnly属性没有在cookie上设置。攻击者可利用该漏洞通过客户端JavaScript读取或设置cookie的值。
CVSS Information
N/A
Vulnerability Type
N/A