CVE-2021-27463

Summary

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.

Affected Software

VendorProductVersion RangeStatus
n/aEmerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP – all revisions, X-STREAM enhanced XEGK – all revisions, X-STREAM enhanced XEFD – all revisions, X-STREAM enhanced XEXF – all revisionsaffected

Weaknesses

  • CWE-539: USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539

ADP Enrichment

CVE Program Container

Additional References

References