15 matches found
CVE-2021-27463
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive...
EUVD-2021-14215
Malware in sbrugna...
EUVD-2020-19767
Malware in sbrugna...
Unspecified Vulnerability in Emerson Rosemount X-STREAM Gas Analyzer (CNVD-2021-37939)
The Emerson Rosemount X-STREAM Gas Analyzer is an Emerson gas analyzer for industrial environments. The device supports up to five component gas analyzers and features NDIR/UV/VIS photometry, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors. A security vulnerability...
CVE-2021-27465
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorre...
CVE-2021-27467
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information...
Information disclosure
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information...
CVE-2021-27461
CVE-2021-27461 is a path traversal vulnerability in Emerson Rosemount X-STREAM Gas Analyzer web servers. Affected products include X-STREAM enhanced XEGP, XEGK, XEFD, and XEXF (all revisions). The underlying issue allows an attacker to access stored data by crafting specific URLs, consistent with...
CVE-2021-27459
CVE-2021-27459 describes a vulnerability in Emerson Rosemount X-STREAM Gas Analyzer where the webserver allows unvalidated file uploads, enabling arbitrary code execution. This affects multiple revisions of the X-STREAM webserver components. Evidence from multiple sources (including ICSA-21-138-0...
CVE-2021-27457
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access...
CVE-2021-27457
CVE-2021-27457 affects Emerson Rosemount X-STREAM Gas Analyzer (X-STREAM enhanced XEGP, XEGK, XEFD, XEXF—all revisions). The root cause is inadequate encryption strength used to store sensitive data, which could allow an attacker to obtain credentials. ICSA/CISA report CVSSv3.1 base score 7.5 (hi...
CVE-2021-27467
The CVE-2021-27467 issue affects Emerson Rosemount X-STREAM Gas Analyzer and its web UI, where the web interface’s handling of UI rendering enables an attacker to route a user to a page controlled by the attacker, potentially exposing sensitive information. The root cause is improper restriction ...
CVE-2021-27463
CVE-2021-27463 affects Emerson Rosemount X-STREAM Gas Analyzer. The vulnerability arises from persistent cookies where the session cookie attribute is not properly invalidated, enabling an attacker to intercept cookies and access sensitive information. Affected products include multiple X-STREAM ...
CVE-2020-27254
The CVE-2020-27254 entry concerns Emerson Rosemount X-STREAM Gas Analyzer software (X-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions). Affected products are vulnerable to improper authentication (CWE-287), allowing an attacker who can craft a URL to access log/backup data and obtain sensi...
Emerson Rosemount X-STREAM
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: Rosemount X-STREAM Gas Analyzer Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker through a...