ICSA-22-097-01 · Published 2022-04-07 · View on CISA ICS-CERT ↗

Pepperl+Fuchs WirelessHART-Gateway

CVSS 9.8 CRITICAL CISA KEV — Known Exploited

Risk Summary

Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.

CVEs (19)

CVE-2021-34565 CVE-2016-10707 CVE-2021-34561 CVE-2021-33555 CVE-2014-6071 CVE-2012-6708 CVE-2015-9251 CVE-2020-11023 CVE-2020-11022 CVE-2019-11358 CVE-2020-7656 CVE-2021-34560 CVE-2021-34564 CVE-2021-34559 CVE-2021-34562 CVE-2007-2379 CVE-2011-4969 CVE-2021-34563 CVE-2013-0169

Remediations

Minimize network exposure for affected products and ensure they are not accessible via the Internet.
Isolate affected products from the corporate network.
If remote access is required, use secure methods such as virtual private networks (VPNs).
See CERT@VDE's advisory VDE-2021-027 for more information

Affected Vendors

Pepperl+Fuchs

Affected Products (2)

Pepperl+Fuchs · WHA-GW-F2D2-0-AS- Z2-ETH 3.0.7 | 3.0.8 | 3.0.9

Pepperl+Fuchs · WHA-GW-F2D2-0-AS- Z2-ETH.EIP 3.0.7 | 3.0.8 | 3.0.9

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more