A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory US Government Resource |
https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 05:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 - Third Party Advisory, US Government Resource |
28 May 2021, 14:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:* cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:* cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:* cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:* |
|
References | (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 - Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
20 May 2021, 13:10
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-539 |
20 May 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-20 12:15
Updated : 2024-11-21 05:58
NVD link : CVE-2021-27463
Mitre link : CVE-2021-27463
CVE.ORG link : CVE-2021-27463
JSON object : View
Products Affected
emerson
- x-stream_enhanced_xexf
- x-stream_enhanced_xegk_firmware
- x-stream_enhanced_xegp_firmware
- x-stream_enhanced_xegk
- x-stream_enhanced_xefd_firmware
- x-stream_enhanced_xefd
- x-stream_enhanced_xexf_firmware
- x-stream_enhanced_xegp
CWE
CWE-539
Use of Persistent Cookies Containing Sensitive Information