Lucene search

[email protected]NVD:CVE-2021-27465

HistoryMay 20, 2021 - 12:15 p.m.

CVE-2021-27465

2021-05-2012:15:08

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

emerson rosemount

x-stream gas analyzer

html injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.6%

JSON

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data.

Affected configurations

Nvd

Node

emersonx-stream_enhanced_xegp_firmware

AND

emersonx-stream_enhanced_xegpMatch-

Node

emersonx-stream_enhanced_xegk_firmware

AND

emersonx-stream_enhanced_xegkMatch-

Node

emersonx-stream_enhanced_xefd_firmware

AND

emersonx-stream_enhanced_xefdMatch-

Node

emersonx-stream_enhanced_xexf_firmware

AND

emersonx-stream_enhanced_xexfMatch-

VendorProductVersionCPE
emersonx-stream_enhanced_xegp_firmware*cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*
emersonx-stream_enhanced_xegp-cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*
emersonx-stream_enhanced_xegk_firmware*cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*
emersonx-stream_enhanced_xegk-cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*
emersonx-stream_enhanced_xefd_firmware*cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*
emersonx-stream_enhanced_xefd-cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*
emersonx-stream_enhanced_xexf_firmware*cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*
emersonx-stream_enhanced_xexf-cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emerson	x-stream_enhanced_xegp_firmware	*	cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware::::::::
emerson	x-stream_enhanced_xegp	-	cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:::::::*
emerson	x-stream_enhanced_xegk_firmware	*	cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware::::::::
emerson	x-stream_enhanced_xegk	-	cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:::::::*
emerson	x-stream_enhanced_xefd_firmware	*	cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware::::::::
emerson	x-stream_enhanced_xefd	-	cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:::::::*
emerson	x-stream_enhanced_xexf_firmware	*	cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware::::::::
emerson	x-stream_enhanced_xexf	-	cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:::::::*

References

us-cert.cisa.gov/ics/advisories/icsa-21-138-01

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.6%

JSON

Related for NVD:CVE-2021-27465

cve1 cvelist1 prion1 ics1