Search criteria
21 vulnerabilities found for x-stream_enhanced_xegk_firmware by emerson
FKIE_CVE-2021-27459
Vulnerability from fkie_nvd - Published: 2021-05-20 12:15 - Updated: 2024-11-21 05:58
Severity ?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5270378D-26DB-440F-B367-3DD5448AE617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F281FEE8-4070-438F-992E-2CDA93FB1F1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80C8438-3710-4601-A50B-20C935E45ECD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3447F879-FEB9-4FBE-97A9-42C7089B2641",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5D8DF7-B1B5-43BA-A0D8-12918844454B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A8815B-A002-428F-95D1-A9BD87CC34A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAACCF9F-2B01-4F80-BE90-69B4D432BCB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49291A79-646A-40B2-8524-00C37CC1BBF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en m\u00faltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer.\u0026#xa0;El servidor web de los productos afectados permite que sean cargados archivos no comprobados, que un atacante podr\u00eda usar para ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2021-27459",
"lastModified": "2024-11-21T05:58:02.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T12:15:08.120",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-27461
Vulnerability from fkie_nvd - Published: 2021-05-20 12:15 - Updated: 2024-11-21 05:58
Severity ?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5270378D-26DB-440F-B367-3DD5448AE617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F281FEE8-4070-438F-992E-2CDA93FB1F1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80C8438-3710-4601-A50B-20C935E45ECD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3447F879-FEB9-4FBE-97A9-42C7089B2641",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5D8DF7-B1B5-43BA-A0D8-12918844454B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A8815B-A002-428F-95D1-A9BD87CC34A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAACCF9F-2B01-4F80-BE90-69B4D432BCB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49291A79-646A-40B2-8524-00C37CC1BBF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en m\u00faltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer.\u0026#xa0;Las aplicaciones del servidor web afectadas permiten el acceso a unos datos almacenados que pueden ser obtenidos al usar una URL especialmente dise\u00f1ada"
}
],
"id": "CVE-2021-27461",
"lastModified": "2024-11-21T05:58:02.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T12:15:08.157",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-27467
Vulnerability from fkie_nvd - Published: 2021-05-20 12:15 - Updated: 2024-11-21 05:58
Severity ?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5270378D-26DB-440F-B367-3DD5448AE617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F281FEE8-4070-438F-992E-2CDA93FB1F1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80C8438-3710-4601-A50B-20C935E45ECD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3447F879-FEB9-4FBE-97A9-42C7089B2641",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5D8DF7-B1B5-43BA-A0D8-12918844454B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A8815B-A002-428F-95D1-A9BD87CC34A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAACCF9F-2B01-4F80-BE90-69B4D432BCB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49291A79-646A-40B2-8524-00C37CC1BBF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product\u2019s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en m\u00faltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer.\u0026#xa0;La interfaz web del producto afectado permite a un atacante enrutar el clic o la pulsaci\u00f3n de una tecla a otra p\u00e1gina proporcionada por el atacante para conseguir acceso no autorizado a informaci\u00f3n confidencial"
}
],
"id": "CVE-2021-27467",
"lastModified": "2024-11-21T05:58:03.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T12:15:08.277",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-27465
Vulnerability from fkie_nvd - Published: 2021-05-20 12:15 - Updated: 2024-11-21 05:58
Severity ?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5270378D-26DB-440F-B367-3DD5448AE617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F281FEE8-4070-438F-992E-2CDA93FB1F1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80C8438-3710-4601-A50B-20C935E45ECD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3447F879-FEB9-4FBE-97A9-42C7089B2641",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5D8DF7-B1B5-43BA-A0D8-12918844454B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A8815B-A002-428F-95D1-A9BD87CC34A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAACCF9F-2B01-4F80-BE90-69B4D432BCB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49291A79-646A-40B2-8524-00C37CC1BBF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en m\u00faltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer.\u0026#xa0;Las aplicaciones afectadas no comprueban una entrada de la p\u00e1gina web, lo que podr\u00eda permitir a un atacante inyectar c\u00f3digo HTML arbitrario en una p\u00e1gina web.\u0026#xa0;Esto permitir\u00eda a un atacante modificar la p\u00e1gina y mostrar datos incorrectos o no deseados"
}
],
"id": "CVE-2021-27465",
"lastModified": "2024-11-21T05:58:02.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T12:15:08.237",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-27463
Vulnerability from fkie_nvd - Published: 2021-05-20 12:15 - Updated: 2024-11-21 05:58
Severity ?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5270378D-26DB-440F-B367-3DD5448AE617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F281FEE8-4070-438F-992E-2CDA93FB1F1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80C8438-3710-4601-A50B-20C935E45ECD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3447F879-FEB9-4FBE-97A9-42C7089B2641",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5D8DF7-B1B5-43BA-A0D8-12918844454B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A8815B-A002-428F-95D1-A9BD87CC34A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAACCF9F-2B01-4F80-BE90-69B4D432BCB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49291A79-646A-40B2-8524-00C37CC1BBF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en m\u00faltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer.\u0026#xa0;Las aplicaciones afectadas usan cookies persistentes donde el atributo de cookie de sesi\u00f3n no est\u00e1 apropiadamente invalidada, permitiendo a un atacante interceptar las cookies y conseguir acceso a informaci\u00f3n confidencial"
}
],
"id": "CVE-2021-27463",
"lastModified": "2024-11-21T05:58:02.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T12:15:08.197",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-539"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-27457
Vulnerability from fkie_nvd - Published: 2021-05-20 12:15 - Updated: 2024-11-21 05:58
Severity ?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5270378D-26DB-440F-B367-3DD5448AE617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F281FEE8-4070-438F-992E-2CDA93FB1F1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80C8438-3710-4601-A50B-20C935E45ECD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3447F879-FEB9-4FBE-97A9-42C7089B2641",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5D8DF7-B1B5-43BA-A0D8-12918844454B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A8815B-A002-428F-95D1-A9BD87CC34A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAACCF9F-2B01-4F80-BE90-69B4D432BCB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49291A79-646A-40B2-8524-00C37CC1BBF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en m\u00faltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer.\u0026#xa0;Los productos afectados usan un algoritmo de cifrado d\u00e9bil para el almacenamiento de datos confidenciales, lo que puede permitir a un atacante obtener m\u00e1s f\u00e1cilmente las credenciales usadas para el acceso"
}
],
"id": "CVE-2021-27457",
"lastModified": "2024-11-21T05:58:01.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T12:15:08.077",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-27254
Vulnerability from fkie_nvd - Published: 2020-12-21 18:15 - Updated: 2024-11-21 05:20
Severity ?
Summary
Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5270378D-26DB-440F-B367-3DD5448AE617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F281FEE8-4070-438F-992E-2CDA93FB1F1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80C8438-3710-4601-A50B-20C935E45ECD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3447F879-FEB9-4FBE-97A9-42C7089B2641",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5D8DF7-B1B5-43BA-A0D8-12918844454B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A8815B-A002-428F-95D1-A9BD87CC34A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAACCF9F-2B01-4F80-BE90-69B4D432BCB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49291A79-646A-40B2-8524-00C37CC1BBF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information."
},
{
"lang": "es",
"value": "Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM mejorado XEGP, XEGK, XEFD, XEXF \u2013 todas las revisiones, Los productos afectados son vulnerables a una autenticaci\u00f3n inapropiada para acceder a los datos de registro y respaldo, lo que podr\u00eda permitir a un atacante con una URL especialmente dise\u00f1ada obtener acceso a informaci\u00f3n confidencial"
}
],
"id": "CVE-2020-27254",
"lastModified": "2024-11-21T05:20:57.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-21T18:15:15.587",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-27461 (GCVE-0-2021-27461)
Vulnerability from cvelistv5 – Published: 2021-05-20 11:51 – Updated: 2024-08-03 20:48
VLAI?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs.
Severity ?
No CVSS data available.
CWE
- CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:51:44",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27461",
"datePublished": "2021-05-20T11:51:44",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27459 (GCVE-0-2021-27459)
Vulnerability from cvelistv5 – Published: 2021-05-20 11:51 – Updated: 2024-08-03 20:48
VLAI?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- CWE-434 - UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-STREAM enhanced XEXF – all revisions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:51:40",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27459",
"datePublished": "2021-05-20T11:51:40",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27457 (GCVE-0-2021-27457)
Vulnerability from cvelistv5 – Published: 2021-05-20 11:51 – Updated: 2024-08-03 20:48
VLAI?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access.
Severity ?
No CVSS data available.
CWE
- CWE-326 - INADEQUATE ENCRYPTION STRENGTH CWE-326
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-STREAM enhanced XEXF – all revisions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "INADEQUATE ENCRYPTION STRENGTH CWE-326",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:51:36",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INADEQUATE ENCRYPTION STRENGTH CWE-326"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27457",
"datePublished": "2021-05-20T11:51:36",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27467 (GCVE-0-2021-27467)
Vulnerability from cvelistv5 – Published: 2021-05-20 11:05 – Updated: 2024-08-03 20:48
VLAI?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information.
Severity ?
No CVSS data available.
CWE
- CWE-1021 - IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product\u2019s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:05:52",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product\u2019s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27467",
"datePublished": "2021-05-20T11:05:52",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27465 (GCVE-0-2021-27465)
Vulnerability from cvelistv5 – Published: 2021-05-20 11:05 – Updated: 2024-08-03 20:48
VLAI?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data.
Severity ?
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-STREAM enhanced XEXF – all revisions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:05:47",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27465",
"datePublished": "2021-05-20T11:05:47",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27463 (GCVE-0-2021-27463)
Vulnerability from cvelistv5 – Published: 2021-05-20 11:05 – Updated: 2024-08-03 20:48
VLAI?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.
Severity ?
No CVSS data available.
CWE
- CWE-539 - USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-STREAM enhanced XEXF – all revisions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-539",
"description": "USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:05:42",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27463",
"datePublished": "2021-05-20T11:05:42",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27254 (GCVE-0-2020-27254)
Vulnerability from cvelistv5 – Published: 2020-12-21 17:04 – Updated: 2024-08-04 16:11
VLAI?
Summary
Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information.
Severity ?
No CVSS data available.
CWE
- CWE-287 - IMPROPER AUTHENTICATION CWE-287
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "IMPROPER AUTHENTICATION CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-21T17:04:24",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27254",
"datePublished": "2020-12-21T17:04:24",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27461 (GCVE-0-2021-27461)
Vulnerability from nvd – Published: 2021-05-20 11:51 – Updated: 2024-08-03 20:48
VLAI?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs.
Severity ?
No CVSS data available.
CWE
- CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:51:44",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27461",
"datePublished": "2021-05-20T11:51:44",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27459 (GCVE-0-2021-27459)
Vulnerability from nvd – Published: 2021-05-20 11:51 – Updated: 2024-08-03 20:48
VLAI?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- CWE-434 - UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-STREAM enhanced XEXF – all revisions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:51:40",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27459",
"datePublished": "2021-05-20T11:51:40",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27457 (GCVE-0-2021-27457)
Vulnerability from nvd – Published: 2021-05-20 11:51 – Updated: 2024-08-03 20:48
VLAI?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access.
Severity ?
No CVSS data available.
CWE
- CWE-326 - INADEQUATE ENCRYPTION STRENGTH CWE-326
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-STREAM enhanced XEXF – all revisions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "INADEQUATE ENCRYPTION STRENGTH CWE-326",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:51:36",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INADEQUATE ENCRYPTION STRENGTH CWE-326"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27457",
"datePublished": "2021-05-20T11:51:36",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27467 (GCVE-0-2021-27467)
Vulnerability from nvd – Published: 2021-05-20 11:05 – Updated: 2024-08-03 20:48
VLAI?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information.
Severity ?
No CVSS data available.
CWE
- CWE-1021 - IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product\u2019s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:05:52",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product\u2019s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27467",
"datePublished": "2021-05-20T11:05:52",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27465 (GCVE-0-2021-27465)
Vulnerability from nvd – Published: 2021-05-20 11:05 – Updated: 2024-08-03 20:48
VLAI?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data.
Severity ?
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-STREAM enhanced XEXF – all revisions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:05:47",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27465",
"datePublished": "2021-05-20T11:05:47",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27463 (GCVE-0-2021-27463)
Vulnerability from nvd – Published: 2021-05-20 11:05 – Updated: 2024-08-03 20:48
VLAI?
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.
Severity ?
No CVSS data available.
CWE
- CWE-539 - USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-STREAM enhanced XEXF – all revisions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-539",
"description": "USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:05:42",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27463",
"datePublished": "2021-05-20T11:05:42",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:17.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27254 (GCVE-0-2020-27254)
Vulnerability from nvd – Published: 2020-12-21 17:04 – Updated: 2024-08-04 16:11
VLAI?
Summary
Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information.
Severity ?
No CVSS data available.
CWE
- CWE-287 - IMPROPER AUTHENTICATION CWE-287
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "IMPROPER AUTHENTICATION CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-21T17:04:24",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27254",
"datePublished": "2020-12-21T17:04:24",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}