Lucene search

[email protected]CVE-2022-3083

HistoryFeb 01, 2023 - 9:15 p.m.

CVE-2022-3083

2023-02-0121:15:08

CWE-784

CWE-565

[email protected]

web.nvd.nist.gov

cve-2022-3083

landis+gyr e850

zmq200

cwe-784

web application security

cookie validation

information security

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.5%

JSON

All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device’s web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values.

Affected configurations

NVD

Node

landisgyre850_firmware

AND

landisgyre850Match-

CPENameOperatorVersion
landisgyr:e850_firmwarelandisgyr e850 firmwareeq*

CPE	Name	Operator	Version
landisgyr:e850_firmware	landisgyr e850 firmware	eq	*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "E850 (ZMQ200)",
    "vendor": "Landis+Gyr",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-23-026-07

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.5%

JSON

Related for CVE-2022-3083

prion1 cvelist1 ics1 nvd1