{"vulnerability": "CVE-2021-3456", "sightings": [{"uuid": "bd46d18e-03dc-4425-b424-9dc5430ae1bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3456", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lxxjpvqfzh26", "content": "", "creation_timestamp": "2025-09-03T21:02:25.691180Z"}, {"uuid": "e9c6f822-f53e-4a14-8ffb-291a3912f012", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3456", "type": "published-proof-of-concept", "source": "Telegram/yRu-fnA7pA4j2oJWWCMLGu8N50eU-D0RsvH-tJm0IXmauVc", "content": "", "creation_timestamp": "2025-09-01T09:00:17.000000Z"}, {"uuid": "67bd8bed-c642-4f83-a2d1-a30b8a875e70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34568", "type": "seen", "source": "https://gist.github.com/jonathan-gruber-1/49a25d08fb02011d3bf14466e69f89ba", "content": "", "creation_timestamp": "2026-02-11T21:09:27.000000Z"}, {"uuid": "fd7ff925-e3ab-4009-8d25-d6e4d89f3e6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34560", "type": "seen", "source": "https://t.me/cibsecurity/28068", "content": "\u203c CVE-2021-34560 \u203c\n\nIn PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T14:33:25.000000Z"}, {"uuid": "a1d16744-b10f-4230-8854-e02fe24453f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34565", "type": "seen", "source": "https://t.me/cibsecurity/28067", "content": "\u203c CVE-2021-34565 \u203c\n\nIn PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T14:33:23.000000Z"}, {"uuid": "5fb052b3-3c42-4844-abfd-cc6d9d0a514c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34561", "type": "seen", "source": "https://t.me/cibsecurity/28073", "content": "\u203c CVE-2021-34561 \u203c\n\nIn PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T14:33:31.000000Z"}, {"uuid": "5a032303-a255-4492-a414-f25a1ba152cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34563", "type": "seen", "source": "https://t.me/cibsecurity/28072", "content": "\u203c CVE-2021-34563 \u203c\n\nIn PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T14:33:30.000000Z"}, {"uuid": "06643ea9-9f0b-4fc5-b44a-5461111f4faf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34564", "type": "seen", "source": "https://t.me/cibsecurity/28071", "content": "\u203c CVE-2021-34564 \u203c\n\nAny cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T14:33:29.000000Z"}, {"uuid": "13f907e2-5458-42a6-a3c9-d9be2d594ed8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34562", "type": "seen", "source": "https://t.me/cibsecurity/28069", "content": "\u203c CVE-2021-34562 \u203c\n\nIn PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T14:33:27.000000Z"}]}