Pepperl+Fuchs WirelessHART-Gateway

Act Now9.8ICS-CERT ICSA-22-097-01Apr 7, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Pepperl+Fuchs WHA-GW-F2D2-0-AS-Z2-ETH and WHA-GW-F2D2-0-AS-Z2-ETH.EIP WirelessHART gateways (versions 3.0.7, 3.0.8, 3.0.9) contain multiple critical vulnerabilities including hardcoded credentials (CWE-798), improper input validation (CWE-20), path traversal (CWE-22), and cross-site scripting (CWE-79). These flaws allow unauthenticated remote attackers to achieve code execution, denial-of-service, and information disclosure.

What this means

What could happen

An attacker with network access to the WirelessHART gateway could execute arbitrary code to manipulate wireless field device configurations, disconnect devices from your process network, or steal credentials and configuration data used to manage your operations.

Who's at risk

Water utilities and electric utilities operating WirelessHART wireless instrumentation networks for remote monitoring of sensors, pressure transmitters, level sensors, and other field devices. Also relevant to any facility using Pepperl+Fuchs WHA-GW-F2D2-0-AS-Z2-ETH or Z2-ETH.EIP gateways as the backbone for wireless process control or asset monitoring.

How it could be exploited

An attacker on your network (or via the Internet if the gateway is exposed) connects to the vulnerable gateway's management interface, exploits hardcoded credentials or input validation flaws to bypass authentication, and sends malicious requests to execute code or crash the gateway. WirelessHART devices rely on this gateway to communicate with PLCs and sensors, so gateway compromise directly impacts field device control.

Prerequisites

Network access to the gateway's management port (typically HTTP/HTTPS)

remotely exploitableno authentication requiredactively exploited (KEV)high EPSS score (36.9%)no patch availablehardcoded credentialsdefault credentials

Exploitability

Actively exploited — confirmed by CISA KEV

Affected products (2)

2 pending

ProductAffected VersionsFix Status

WHA-GW-F2D2-0-AS- Z2-ETH:3.0.7 | 3.0.8 | 3.0.9No fix yet

WHA-GW-F2D2-0-AS- Z2-ETH.EIP:3.0.7 | 3.0.8 | 3.0.9No fix yet

Remediation & Mitigation

0/5

Do now

0/4

HARDENINGMinimize network exposure for the WirelessHART gateway; do not allow it to be accessible from the Internet.

HARDENINGIsolate the affected gateway from the corporate network using a firewall or network segmentation; place it in a dedicated OT zone.

WORKAROUNDIf remote access to the gateway is required for maintenance, enforce access through a VPN with strong authentication (multi-factor preferred).

HARDENINGReview and change any hardcoded or default credentials on the gateway if possible; document and restrict access to engineering workstations only.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor network traffic to and from the gateway for suspicious activity; log all management interface access attempts.

CVEs (19)

CVE-2021-34565 CVE-2016-10707 CVE-2021-34561 CVE-2021-33555 CVE-2014-6071 CVE-2012-6708 CVE-2015-9251 CVE-2020-11023 CVE-2020-11022 CVE-2019-11358 CVE-2020-7656 CVE-2021-34560 CVE-2021-34564 CVE-2021-34559 CVE-2021-34562 CVE-2007-2379 CVE-2011-4969 CVE-2021-34563 CVE-2013-0169

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0a3300a0-1eee-4a2e-b837-79ded63ed87f