CVE-2021-27457

EPSS 0.06%
Published 20.05.2021 12:15:08
Last modified 21.11.2024 05:58:01
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Emerson ≫ X-stream Enhanced Xegp Firmware

Emerson ≫ X-stream Enhanced Xegp Version-

Emerson ≫ X-stream Enhanced Xegk Firmware

Emerson ≫ X-stream Enhanced Xegk Version-

Emerson ≫ X-stream Enhanced Xefd Firmware

Emerson ≫ X-stream Enhanced Xefd Version-

Emerson ≫ X-stream Enhanced Xexf Firmware

Emerson ≫ X-stream Enhanced Xexf Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.144

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-27457

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27457

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27457

EUVD