CVE-2021-27463

{"id": "CVE-2021-27463", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-05-20T12:15:08.197", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-539"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en m\u00faltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer. Las aplicaciones afectadas usan cookies persistentes donde el atributo de cookie de sesi\u00f3n no est\u00e1 apropiadamente invalidada, permitiendo a un atacante interceptar las cookies y conseguir acceso a informaci\u00f3n confidencial"}], "lastModified": "2021-05-28T14:49:59.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5270378D-26DB-440F-B367-3DD5448AE617"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F281FEE8-4070-438F-992E-2CDA93FB1F1A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D80C8438-3710-4601-A50B-20C935E45ECD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3447F879-FEB9-4FBE-97A9-42C7089B2641"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B5D8DF7-B1B5-43BA-A0D8-12918844454B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33A8815B-A002-428F-95D1-A9BD87CC34A5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAACCF9F-2B01-4F80-BE90-69B4D432BCB1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "49291A79-646A-40B2-8524-00C37CC1BBF3"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}