5.3

CVE-2021-27463

EPSS 0.16%
Veröffentlicht 20.05.2021 12:15:08
Zuletzt bearbeitet 21.11.2024 05:58:02
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 4 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emerson ≫ X-stream Enhanced Xegp Firmware

Emerson ≫ X-stream Enhanced Xegp Version-

Emerson ≫ X-stream Enhanced Xegk Firmware

Emerson ≫ X-stream Enhanced Xegk Version-

Emerson ≫ X-stream Enhanced Xefd Firmware

Emerson ≫ X-stream Enhanced Xefd Version-

Emerson ≫ X-stream Enhanced Xexf Firmware

Emerson ≫ X-stream Enhanced Xexf Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.38

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-539 Use of Persistent Cookies Containing Sensitive Information

The web application uses persistent cookies, but the cookies contain sensitive information.

https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-27463

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27463

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27463

EUVD