5.3

CVE-2021-27463

EPSS 0.16%
Published 20.05.2021 12:15:08
Last modified 21.11.2024 05:58:02
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Emerson ≫ X-stream Enhanced Xegp Firmware

Emerson ≫ X-stream Enhanced Xegp Version-

Emerson ≫ X-stream Enhanced Xegk Firmware

Emerson ≫ X-stream Enhanced Xegk Version-

Emerson ≫ X-stream Enhanced Xefd Firmware

Emerson ≫ X-stream Enhanced Xefd Version-

Emerson ≫ X-stream Enhanced Xexf Firmware

Emerson ≫ X-stream Enhanced Xexf Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.341

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-539 Use of Persistent Cookies Containing Sensitive Information

The web application uses persistent cookies, but the cookies contain sensitive information.

https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-27463

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27463

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27463

EUVD