CVE-2022-3083 — LOW (3.9) — White Hats Nepal

Vulnerability Description

All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values.

CVSS Score

3.9

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Landisgyr	E850 Firmware	All versions
Landisgyr	E850	-

Related Weaknesses (CWE)

CWE-565 CWE-784

References

https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-07Third Party AdvisoryUS Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-07Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2022-3083?

CVE-2022-3083 is a vulnerability with a CVSS score of 3.9 (LOW). All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session co...

How severe is CVE-2022-3083?

CVE-2022-3083 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-3083?

Check the references section above for vendor advisories and patch information. Affected products include: Landisgyr E850 Firmware, Landisgyr E850.