CVE-2021-34565 – PEPPERL+FUCHS WirelessHART-Gateway devices vers... (How to Fix)

Q: What is the severity of CVE-2021-34565?

CVE-2021-34565 has a CVSS score of 9.8 (CRITICAL). PEPPERL+FUCHS WirelessHART-Gateway devices versions 3.0.7 to 3.0.9 have SSH and telnet services enabled with hard-coded credentials. This allows attackers to gain unauthorized administrative access to the industrial gateway. Organizations using these specific gateway versions are affected.

📋 TL;DR

PEPPERL+FUCHS WirelessHART-Gateway devices versions 3.0.7 to 3.0.9 have SSH and telnet services enabled with hard-coded credentials. This allows attackers to gain unauthorized administrative access to the industrial gateway. Organizations using these specific gateway versions are affected.

💻 Affected Systems

Products:

PEPPERL+FUCHS WirelessHART-Gateway

Versions: 3.0.7 to 3.0.9

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: SSH and telnet services are active by default with hard-coded credentials that cannot be changed by users.

📦 What is this software?

Wha Gw F2d2 0 As Z2 Eth.eip Firmware by Pepperl Fuchs

View all CVEs affecting Wha Gw F2d2 0 As Z2 Eth.eip Firmware →

Wha Gw F2d2 0 As Z2 Eth Firmware by Pepperl Fuchs

View all CVEs affecting Wha Gw F2d2 0 As Z2 Eth Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of industrial control system gateway leading to disruption of industrial processes, data exfiltration, or manipulation of HART device communications.

🟠

Likely Case

Unauthorized administrative access allowing configuration changes, firmware modification, or use as pivot point into industrial networks.

🟢

If Mitigated

Limited impact if network segmentation prevents access to gateway services from untrusted networks.

🌐 Internet-Facing: HIGH - Direct remote access possible if gateway is exposed to internet.

🏢 Internal Only: HIGH - Internal attackers or compromised internal systems can exploit hard-coded credentials.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only knowledge of hard-coded credentials and network access to SSH/telnet services.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.10 or later

Vendor Advisory: https://cert.vde.com/en-us/advisories/vde-2021-027

Restart Required: Yes

Instructions:

1. Download firmware version 3.0.10 or later from PEPPERL+FUCHS support portal. 2. Backup current configuration. 3. Upload new firmware via web interface. 4. Reboot gateway. 5. Verify new firmware version.

🔧 Temporary Workarounds

Network Access Control

all

Restrict network access to SSH (port 22) and telnet (port 23) services using firewall rules.

Service Disablement

linux

Disable SSH and telnet services if not required for operations.

🧯 If You Can't Patch

Implement strict network segmentation to isolate gateway from untrusted networks.
Monitor for authentication attempts using hard-coded credentials and alert on successful logins.

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface or via SSH/telnet login using hard-coded credentials.

Check Version:

Login to web interface and check System Information page for firmware version.

Verify Fix Applied:

Attempt SSH/telnet login with previously known hard-coded credentials - should fail. Verify firmware version is 3.0.10+.

📡 Detection & Monitoring

Log Indicators:

Successful SSH/telnet authentication from unexpected sources
Multiple failed login attempts followed by success

Network Indicators:

SSH or telnet connections to gateway from unauthorized IP addresses
Unusual outbound connections from gateway

SIEM Query:

source="gateway" AND (event="ssh_login" OR event="telnet_login") AND result="success"

📊 Metadata

CVE ID: CVE-2021-34565

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-798

Published: August 31, 2021

Last Updated: November 21, 2024

🔗 References

https://cert.vde.com/en-us/advisories/vde-2021-027 Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2021-027 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34565, you might also want to check these: