CVE-2021-27463

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 Third Party Advisory US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:58

Type Values Removed Values Added
References () https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 - Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 - Third Party Advisory, US Government Resource

28 May 2021, 14:49

Type Values Removed Values Added
CPE cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*
cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*
cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*
cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*
References (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 - (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 5.3

20 May 2021, 13:10

Type Values Removed Values Added
CWE CWE-539

20 May 2021, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-20 12:15

Updated : 2024-11-21 05:58


NVD link : CVE-2021-27463

Mitre link : CVE-2021-27463

CVE.ORG link : CVE-2021-27463


JSON object : View

Products Affected

emerson

  • x-stream_enhanced_xexf
  • x-stream_enhanced_xegk_firmware
  • x-stream_enhanced_xegp_firmware
  • x-stream_enhanced_xegk
  • x-stream_enhanced_xefd_firmware
  • x-stream_enhanced_xefd
  • x-stream_enhanced_xexf_firmware
  • x-stream_enhanced_xegp
CWE
CWE-539

Use of Persistent Cookies Containing Sensitive Information