ICSA-21-138-01
Vulnerability from csaf_cisa - Published: 2021-05-18 00:00 - Updated: 2021-05-18 00:00Summary
ICSA-21-138-01_Emerson Rosemount X-STREAM
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary: Emerson reported these vulnerabilities to CISA.
Exploitability: No known public exploits specifically target these vulnerabilities.
7.5 (High)
Mitigation
Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com
Mitigation
In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.
https://www.emerson.com/en-us/support/security-no…
Mitigation
One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.
7.1 (High)
Mitigation
Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com
Mitigation
In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.
https://www.emerson.com/en-us/support/security-no…
Mitigation
One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.
7.5 (High)
Mitigation
Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com
Mitigation
In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.
https://www.emerson.com/en-us/support/security-no…
Mitigation
One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.
5.3 (Medium)
Mitigation
Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com
Mitigation
In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.
https://www.emerson.com/en-us/support/security-no…
Mitigation
One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.
5.3 (Medium)
Mitigation
Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com
Mitigation
In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.
https://www.emerson.com/en-us/support/security-no…
Mitigation
One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.
5.4 (Medium)
Mitigation
Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com
Mitigation
In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.
https://www.emerson.com/en-us/support/security-no…
Mitigation
One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.
References
Acknowledgments
Emerson
{
"document": {
"acknowledgments": [
{
"organization": "Emerson",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "summary",
"text": "Emerson reported these vulnerabilities to CISA.",
"title": "Summary"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "CISAservicedesk@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-138-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-138-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-138-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-138-01"
}
],
"title": "ICSA-21-138-01_Emerson Rosemount X-STREAM",
"tracking": {
"current_release_date": "2021-05-18T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA USCert CSAF Generator",
"version": "1"
}
},
"id": "ICSA-21-138-01",
"initial_release_date": "2021-05-18T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-05-18T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-138-01 Emerson Rosemount X Stream "
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "X-STREAM enhanced XEGP: all revisions",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "X-STREAM enhanced XEGP"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "X-STREAM enhanced XEGK: all revisions",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "X-STREAM enhanced XEGK"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "X-STREAM enhanced XEXF: all revisions",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "X-STREAM enhanced XEXF"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "X-STREAM enhanced XEFD: all revisions",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "X-STREAM enhanced XEFD"
}
],
"category": "vendor",
"name": "Emerson"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27457",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access.CVE-2021-27457 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"category": "mitigation",
"details": "One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-27457"
},
{
"cve": "CVE-2021-27459",
"cwe": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type"
},
"notes": [
{
"category": "summary",
"text": "The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code.CVE-2021-27459 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"category": "mitigation",
"details": "One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-27459"
},
{
"cve": "CVE-2021-27461",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs. CVE-2021-27461 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"category": "mitigation",
"details": "One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-27461"
},
{
"cve": "CVE-2021-27463",
"cwe": {
"id": "CWE-539",
"name": "Use of Persistent Cookies Containing Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information. CVE-2021-27463 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"category": "mitigation",
"details": "One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-27463"
},
{
"cve": "CVE-2021-27465",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data.CVE-2021-27465 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"category": "mitigation",
"details": "One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-27465"
},
{
"cve": "CVE-2021-27467",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "The affected product \u0027s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information.CVE-2021-27467 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Emerson recommends users update the firmware of the affected products. A new release that addresses the issues identified in this cybersecurity notification impacting the affected products is available. For information on how to obtain the update, contact TechSupport.Hasselroth@emerson.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "In addition, Emerson recommends users of affected products continue to utilize current cybersecurity industry best practices and ensure the affected products are connected to a well-protected network and properly segmented from the Internet. For more information see the Emerson Security notifications page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.emerson.com/en-us/support/security-notifications"
},
{
"category": "mitigation",
"details": "One of the cybersecurity best practices should include configuring web browsers to prohibit storage of user information such as login names and passwords.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-27467"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…