Vulnerability Description
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emerson | X-Stream Enhanced Xegp Firmware | All versions |
| Emerson | X-Stream Enhanced Xegp | - |
| Emerson | X-Stream Enhanced Xegk Firmware | All versions |
| Emerson | X-Stream Enhanced Xegk | - |
| Emerson | X-Stream Enhanced Xefd Firmware | All versions |
| Emerson | X-Stream Enhanced Xefd | - |
| Emerson | X-Stream Enhanced Xexf Firmware | All versions |
| Emerson | X-Stream Enhanced Xexf | - |
Related Weaknesses (CWE)
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01Third Party AdvisoryUS Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-27463?
CVE-2021-27463 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly...
How severe is CVE-2021-27463?
CVE-2021-27463 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27463?
Check the references section above for vendor advisories and patch information. Affected products include: Emerson X-Stream Enhanced Xegp Firmware, Emerson X-Stream Enhanced Xegp, Emerson X-Stream Enhanced Xegk Firmware, Emerson X-Stream Enhanced Xegk, Emerson X-Stream Enhanced Xefd Firmware.