In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.CreditsPepperl+Fuchs reported this vulnerability. CERT@VDE coordinated.Referenceshttps://cert.vde.com/en-us/advisories/vde-2021-027
