CVE-2022-3083

EPSS 0.17%
Veröffentlicht 01.02.2023 21:15:08
Zuletzt bearbeitet 21.11.2024 07:18:47
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Landisgyr ≫ E850 Firmware

Landisgyr ≫ E850 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.387

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
ics-cert@hq.dhs.gov	3.9	1.3	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CWE-565 Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

CWE-784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision

The product uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.

https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-07

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-3083

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3083

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3083

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-3083