Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-27463 (GCVE-0-2021-27463)
Vulnerability from cvelistv5 – Published: 2021-05-20 11:05 – Updated: 2024-08-03 20:48
VLAI
EPSS
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.
Severity
No CVSS data available.
CWE
- CWE-539 - USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Emerson Rosemount X-STREAM Gas Analyzer |
Affected:
X-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-STREAM enhanced XEXF – all revisions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson Rosemount X-STREAM Gas Analyzer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-539",
"description": "USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T11:05:42.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27463",
"datePublished": "2021-05-20T11:05:42.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:48:17.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-27463",
"date": "2026-05-27",
"epss": "0.00164",
"percentile": "0.37036"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5270378D-26DB-440F-B367-3DD5448AE617\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F281FEE8-4070-438F-992E-2CDA93FB1F1A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D80C8438-3710-4601-A50B-20C935E45ECD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3447F879-FEB9-4FBE-97A9-42C7089B2641\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B5D8DF7-B1B5-43BA-A0D8-12918844454B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33A8815B-A002-428F-95D1-A9BD87CC34A5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAACCF9F-2B01-4F80-BE90-69B4D432BCB1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49291A79-646A-40B2-8524-00C37CC1BBF3\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad ha sido encontrada en m\\u00faltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer.\u0026#xa0;Las aplicaciones afectadas usan cookies persistentes donde el atributo de cookie de sesi\\u00f3n no est\\u00e1 apropiadamente invalidada, permitiendo a un atacante interceptar las cookies y conseguir acceso a informaci\\u00f3n confidencial\"}]",
"id": "CVE-2021-27463",
"lastModified": "2024-11-21T05:58:02.533",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-05-20T12:15:08.197",
"references": "[{\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-539\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-27463\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2021-05-20T12:15:08.197\",\"lastModified\":\"2024-11-21T05:58:02.533\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad ha sido encontrada en m\u00faltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer.\u0026#xa0;Las aplicaciones afectadas usan cookies persistentes donde el atributo de cookie de sesi\u00f3n no est\u00e1 apropiadamente invalidada, permitiendo a un atacante interceptar las cookies y conseguir acceso a informaci\u00f3n confidencial\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-539\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5270378D-26DB-440F-B367-3DD5448AE617\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F281FEE8-4070-438F-992E-2CDA93FB1F1A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D80C8438-3710-4601-A50B-20C935E45ECD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3447F879-FEB9-4FBE-97A9-42C7089B2641\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B5D8DF7-B1B5-43BA-A0D8-12918844454B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33A8815B-A002-428F-95D1-A9BD87CC34A5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAACCF9F-2B01-4F80-BE90-69B4D432BCB1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49291A79-646A-40B2-8524-00C37CC1BBF3\"}]}]}],\"references\":[{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
CNVD-2021-37941
Vulnerability from cnvd - Published: 2021-05-31
VLAI
Title
Emerson Rosemount X-STREAM Gas Analyzer存在未明漏洞
Description
Emerson Rosemount X-STREAM Gas Analyzer是美国Emerson公司的一个应用于工业环境的气体分析仪设备。该设备支持多达五种成分的气体分析仪,具有NDIR / UV / VIS光度计,顺磁性和电化学O2,热导率和湿度传感器等功能。
Emerson Rosemount X-STREAM Gas Analyzer存在安全漏洞,攻击者可利用该漏洞拦截cookie并访问敏感信息。
Severity
中
Patch Name
Emerson Rosemount X-STREAM Gas Analyzer存在未明漏洞的补丁
Patch Description
Emerson Rosemount X-STREAM Gas Analyzer是美国Emerson公司的一个应用于工业环境的气体分析仪设备。该设备支持多达五种成分的气体分析仪,具有NDIR / UV / VIS光度计,顺磁性和电化学O2,热导率和湿度传感器等功能。
Emerson Rosemount X-STREAM Gas Analyzer存在安全漏洞,攻击者可利用该漏洞拦截cookie并访问敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.emerson.com/en-us/support/security-notifications
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-27463
Impacted products
| Name | ['Emerson X-STREAM enhanced XEGP', 'Emerson X-STREAM enhanced XEGK', 'Emerson X-STREAM enhanced XEFD', 'Emerson X-STREAM enhanced XEXF'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-27463"
}
},
"description": "Emerson Rosemount X-STREAM Gas Analyzer\u662f\u7f8e\u56fdEmerson\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u4e8e\u5de5\u4e1a\u73af\u5883\u7684\u6c14\u4f53\u5206\u6790\u4eea\u8bbe\u5907\u3002\u8be5\u8bbe\u5907\u652f\u6301\u591a\u8fbe\u4e94\u79cd\u6210\u5206\u7684\u6c14\u4f53\u5206\u6790\u4eea\uff0c\u5177\u6709NDIR / UV / VIS\u5149\u5ea6\u8ba1\uff0c\u987a\u78c1\u6027\u548c\u7535\u5316\u5b66O2\uff0c\u70ed\u5bfc\u7387\u548c\u6e7f\u5ea6\u4f20\u611f\u5668\u7b49\u529f\u80fd\u3002\n\nEmerson Rosemount X-STREAM Gas Analyzer\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u62e6\u622acookie\u5e76\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.emerson.com/en-us/support/security-notifications",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-37941",
"openTime": "2021-05-31",
"patchDescription": "Emerson Rosemount X-STREAM Gas Analyzer\u662f\u7f8e\u56fdEmerson\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u4e8e\u5de5\u4e1a\u73af\u5883\u7684\u6c14\u4f53\u5206\u6790\u4eea\u8bbe\u5907\u3002\u8be5\u8bbe\u5907\u652f\u6301\u591a\u8fbe\u4e94\u79cd\u6210\u5206\u7684\u6c14\u4f53\u5206\u6790\u4eea\uff0c\u5177\u6709NDIR / UV / VIS\u5149\u5ea6\u8ba1\uff0c\u987a\u78c1\u6027\u548c\u7535\u5316\u5b66O2\uff0c\u70ed\u5bfc\u7387\u548c\u6e7f\u5ea6\u4f20\u611f\u5668\u7b49\u529f\u80fd\u3002\r\n\r\nEmerson Rosemount X-STREAM Gas Analyzer\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u62e6\u622acookie\u5e76\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Emerson Rosemount X-STREAM Gas Analyzer\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Emerson X-STREAM enhanced XEGP",
"Emerson X-STREAM enhanced XEGK",
"Emerson X-STREAM enhanced XEFD",
"Emerson X-STREAM enhanced XEXF"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-27463",
"serverity": "\u4e2d",
"submitTime": "2021-05-21",
"title": "Emerson Rosemount X-STREAM Gas Analyzer\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}
FKIE_CVE-2021-27463
Vulnerability from fkie_nvd - Published: 2021-05-20 12:15 - Updated: 2024-11-21 05:58
Severity
Summary
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5270378D-26DB-440F-B367-3DD5448AE617",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F281FEE8-4070-438F-992E-2CDA93FB1F1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80C8438-3710-4601-A50B-20C935E45ECD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3447F879-FEB9-4FBE-97A9-42C7089B2641",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5D8DF7-B1B5-43BA-A0D8-12918844454B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A8815B-A002-428F-95D1-A9BD87CC34A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAACCF9F-2B01-4F80-BE90-69B4D432BCB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49291A79-646A-40B2-8524-00C37CC1BBF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en m\u00faltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer.\u0026#xa0;Las aplicaciones afectadas usan cookies persistentes donde el atributo de cookie de sesi\u00f3n no est\u00e1 apropiadamente invalidada, permitiendo a un atacante interceptar las cookies y conseguir acceso a informaci\u00f3n confidencial"
}
],
"id": "CVE-2021-27463",
"lastModified": "2024-11-21T05:58:02.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T12:15:08.197",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-539"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
GHSA-C9W5-6V8F-M5C7
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02
VLAI
Details
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.
{
"affected": [],
"aliases": [
"CVE-2021-27463"
],
"database_specific": {
"cwe_ids": [
"CWE-539"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-20T12:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.",
"id": "GHSA-c9w5-6v8f-m5c7",
"modified": "2022-05-24T19:02:54Z",
"published": "2022-05-24T19:02:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27463"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2021-27463
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-27463",
"description": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.",
"id": "GSD-2021-27463"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-27463"
],
"details": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.",
"id": "GSD-2021-27463",
"modified": "2023-12-13T01:23:35.468478Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson Rosemount X-STREAM Gas Analyzer",
"version": {
"version_data": [
{
"version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27463"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-539"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2021-05-28T14:49Z",
"publishedDate": "2021-05-20T12:15Z"
}
}
}
ICSA-21-138-01
Vulnerability from csaf_cisa - Published: 2021-05-18 00:00 - Updated: 2021-05-18 00:00Summary
ICSA-21-138-01_Emerson Rosemount X-STREAM
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary: Emerson reported these vulnerabilities to CISA.
Exploitability: No known public exploits specifically target these vulnerabilities.
7.5 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
X-STREAM enhanced XEGP: all revisions
Emerson / X-STREAM enhanced XEGP
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEGK: all revisions
Emerson / X-STREAM enhanced XEGK
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEXF: all revisions
Emerson / X-STREAM enhanced XEXF
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEFD: all revisions
Emerson / X-STREAM enhanced XEFD
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
7.1 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
X-STREAM enhanced XEGP: all revisions
Emerson / X-STREAM enhanced XEGP
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEGK: all revisions
Emerson / X-STREAM enhanced XEGK
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEXF: all revisions
Emerson / X-STREAM enhanced XEXF
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEFD: all revisions
Emerson / X-STREAM enhanced XEFD
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
7.5 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
X-STREAM enhanced XEGP: all revisions
Emerson / X-STREAM enhanced XEGP
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEGK: all revisions
Emerson / X-STREAM enhanced XEGK
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEXF: all revisions
Emerson / X-STREAM enhanced XEXF
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEFD: all revisions
Emerson / X-STREAM enhanced XEFD
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
5.3 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
X-STREAM enhanced XEGP: all revisions
Emerson / X-STREAM enhanced XEGP
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEGK: all revisions
Emerson / X-STREAM enhanced XEGK
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEXF: all revisions
Emerson / X-STREAM enhanced XEXF
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEFD: all revisions
Emerson / X-STREAM enhanced XEFD
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
5.3 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
X-STREAM enhanced XEGP: all revisions
Emerson / X-STREAM enhanced XEGP
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEGK: all revisions
Emerson / X-STREAM enhanced XEGK
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEXF: all revisions
Emerson / X-STREAM enhanced XEXF
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEFD: all revisions
Emerson / X-STREAM enhanced XEFD
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
5.4 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
X-STREAM enhanced XEGP: all revisions
Emerson / X-STREAM enhanced XEGP
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEGK: all revisions
Emerson / X-STREAM enhanced XEGK
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEXF: all revisions
Emerson / X-STREAM enhanced XEXF
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
|
|
X-STREAM enhanced XEFD: all revisions
Emerson / X-STREAM enhanced XEFD
|
vers:all/* |
Mitigation
Mitigation
fix
Mitigation
|
References
7 references
Acknowledgments
Emerson
{
"document": {
"acknowledgments": [
{
"organization": "Emerson",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "summary",
"text": "Emerson reported these vulnerabilities to CISA.",
"title": "Summary"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "CISAservicedesk@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-138-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-138-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-138-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-138-01"
}
],
"title": "ICSA-21-138-01_Emerson Rosemount X-STREAM",
"tracking": {
"current_release_date": "2021-05-18T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA USCert CSAF Generator",
"version": "1"
}
},
"id": "ICSA-21-138-01",
"initial_release_date": "2021-05-18T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-05-18T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-138-01 Emerson Rosemount X Stream "
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "X-STREAM enhanced XEGP: all revisions",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "X-STREAM enhanced XEGP"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "X-STREAM enhanced XEGK: all revisions",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "X-STREAM enhanced XEGK"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "X-STREAM enhanced XEXF: all revisions",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "X-STREAM enhanced XEXF"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "X-STREAM enhanced XEFD: all revisions",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "X-STREAM enhanced XEFD"
}
],
"category": "vendor",
"name": "Emerson"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27457",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access.CVE-2021-27457 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"category": "mitigation",
"details": "One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-27457"
},
{
"cve": "CVE-2021-27459",
"cwe": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type"
},
"notes": [
{
"category": "summary",
"text": "The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code.CVE-2021-27459 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"category": "mitigation",
"details": "One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-27459"
},
{
"cve": "CVE-2021-27461",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs. CVE-2021-27461 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"category": "mitigation",
"details": "One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-27461"
},
{
"cve": "CVE-2021-27463",
"cwe": {
"id": "CWE-539",
"name": "Use of Persistent Cookies Containing Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information. CVE-2021-27463 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"category": "mitigation",
"details": "One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-27463"
},
{
"cve": "CVE-2021-27465",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data.CVE-2021-27465 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"category": "mitigation",
"details": "One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-27465"
},
{
"cve": "CVE-2021-27467",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "The affected product \u0027s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information.CVE-2021-27467 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"category": "mitigation",
"details": "One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-27467"
}
]
}
VAR-202105-0684
Vulnerability from variot - Updated: 2023-12-18 10:53A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information. Rosemount X-STREAM The following multiple vulnerabilities exist in. * Inadequate encryption strength (CWE-326) - CVE-2021-27457 ‥ * Unlimited upload of dangerous types of files (CWE-434) - CVE-2021-27459 ‥ * Past traversal (CWE-22) - CVE-2021-27461 ‥ * Contains sensitive information Cookie Permanent use of (CWE-539) - CVE-2021-27463 ‥ * Cross-site scripting (CWE-79) - CVE-2021-27465 ‥ * Inappropriate restrictions on rendered user interface layers or frames (CWE-1021) - CVE-2021-27467The expected impact depends on each vulnerability, but it may be affected as follows. * Credentials obtained by a remote third party - CVE-2021-27457 ‥ * Arbitrary code executed by a remote third party - CVE-2021-27459 ‥ * By a remote third party Web Access to sensitive data stored on the server - CVE-2021-27461 ‥ * By a remote third party Cookie Get sensitive information stored in - CVE-2021-27463 ‥ * By a remote third party Web Page tampered with displaying incorrect or unintended data - CVE-2021-27465 ‥ * A remote third party transfers the clicks and keystrokes made by the user to another page to obtain sensitive information. - CVE-2021-27467. The device supports gas analyzers of up to five components, with NDIR/UV/VIS photometer, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors and other functions. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0684",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x-stream enhanced xefd",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": "*"
},
{
"model": "x-stream enhanced xegk",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": "*"
},
{
"model": "x-stream enhanced xexf",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": "*"
},
{
"model": "x-stream enhanced xegp",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": "*"
},
{
"model": "rosemount x-stream",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30de\u30bd\u30f3",
"version": null
},
{
"model": "rosemount x-stream",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a8\u30de\u30bd\u30f3",
"version": null
},
{
"model": "rosemount x-stream",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a8\u30de\u30bd\u30f3",
"version": "enhanced xegp"
},
{
"model": "rosemount x-stream",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a8\u30de\u30bd\u30f3",
"version": "enhanced xegk"
},
{
"model": "rosemount x-stream",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a8\u30de\u30bd\u30f3",
"version": "enhanced xefd"
},
{
"model": "rosemount x-stream",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a8\u30de\u30bd\u30f3",
"version": "enhanced xexf"
},
{
"model": "x-stream enhanced xegp",
"scope": null,
"trust": 0.6,
"vendor": "emerson",
"version": null
},
{
"model": "x-stream enhanced xegk",
"scope": null,
"trust": 0.6,
"vendor": "emerson",
"version": null
},
{
"model": "x-stream enhanced xefd",
"scope": null,
"trust": 0.6,
"vendor": "emerson",
"version": null
},
{
"model": "x-stream enhanced xexf",
"scope": null,
"trust": 0.6,
"vendor": "emerson",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37941"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001505"
},
{
"db": "NVD",
"id": "CVE-2021-27463"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27463"
}
]
},
"cve": "CVE-2021-27463",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-37941",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-001505",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-27463",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2021-001505",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-37941",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1235",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37941"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001505"
},
{
"db": "NVD",
"id": "CVE-2021-27463"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1235"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information. Rosemount X-STREAM The following multiple vulnerabilities exist in. * Inadequate encryption strength (CWE-326) - CVE-2021-27457 \u2025 * Unlimited upload of dangerous types of files (CWE-434) - CVE-2021-27459 \u2025 * Past traversal (CWE-22) - CVE-2021-27461 \u2025 * Contains sensitive information Cookie Permanent use of (CWE-539) - CVE-2021-27463 \u2025 * Cross-site scripting (CWE-79) - CVE-2021-27465 \u2025 * Inappropriate restrictions on rendered user interface layers or frames (CWE-1021) - CVE-2021-27467The expected impact depends on each vulnerability, but it may be affected as follows. * Credentials obtained by a remote third party - CVE-2021-27457 \u2025 * Arbitrary code executed by a remote third party - CVE-2021-27459 \u2025 * By a remote third party Web Access to sensitive data stored on the server - CVE-2021-27461 \u2025 * By a remote third party Cookie Get sensitive information stored in - CVE-2021-27463 \u2025 * By a remote third party Web Page tampered with displaying incorrect or unintended data - CVE-2021-27465 \u2025 * A remote third party transfers the clicks and keystrokes made by the user to another page to obtain sensitive information. - CVE-2021-27467. The device supports gas analyzers of up to five components, with NDIR/UV/VIS photometer, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors and other functions. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27463"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001505"
},
{
"db": "CNVD",
"id": "CNVD-2021-37941"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-27463"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27463",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-21-138-01",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU97128016",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001505",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-37941",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051909",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1779",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1235",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-27463",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37941"
},
{
"db": "VULMON",
"id": "CVE-2021-27463"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001505"
},
{
"db": "NVD",
"id": "CVE-2021-27463"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1235"
}
]
},
"id": "VAR-202105-0684",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37941"
}
],
"trust": 1.1654762
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37941"
}
]
},
"last_update_date": "2023-12-18T10:53:49.165000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EmersonCyber\u00a0Security\u00a0NotificationAlert\u00a0EMR.RMT20006-2",
"trust": 0.8,
"url": "https://www.emerson.com/documents/automation/security-notification-rosemount-x-stream-continuous-gas-analyzers-cyber-security-notification-en-7238500.pdf"
},
{
"title": "Patch for Emerson Rosemount X-STREAM Gas Analyzer has unspecified vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/269051"
},
{
"title": "Emerson Rosemount X-STREAM Gas Analyzer Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152362"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37941"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001505"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-539",
"trust": 1.0
},
{
"problemtype": "Inappropriate restrictions on rendered user interface layers or frames (CWE-1021) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Path traversal (CWE-22) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inadequate encryption strength (CWE-326) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Unlimited upload of dangerous types of files (CWE-434) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Permanent with important information Cookie Use of (CWE-539) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [IPA Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001505"
},
{
"db": "NVD",
"id": "CVE-2021-27463"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu97128016"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27463"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051909"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37941"
},
{
"db": "VULMON",
"id": "CVE-2021-27463"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001505"
},
{
"db": "NVD",
"id": "CVE-2021-27463"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1235"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-37941"
},
{
"db": "VULMON",
"id": "CVE-2021-27463"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001505"
},
{
"db": "NVD",
"id": "CVE-2021-27463"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1235"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37941"
},
{
"date": "2021-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27463"
},
{
"date": "2021-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001505"
},
{
"date": "2021-05-20T12:15:08.197000",
"db": "NVD",
"id": "CVE-2021-27463"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1235"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37941"
},
{
"date": "2021-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27463"
},
{
"date": "2021-05-24T06:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-001505"
},
{
"date": "2021-05-28T14:49:59.013000",
"db": "NVD",
"id": "CVE-2021-27463"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1235"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1235"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson\u00a0 Made \u00a0Rosemount\u00a0X-STREAM\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001505"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1235"
}
],
"trust": 1.2
}
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…