Page 9 of 83 results (0.009 seconds)

CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code. Una vulnerabilidad ha sido encontrada en múltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer. El servidor web de los productos afectados permite que sean cargados archivos no comprobados, que un atacante podría usar para ejecutar código arbitrario • https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access. Una vulnerabilidad ha sido encontrada en múltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer. Los productos afectados usan un algoritmo de cifrado débil para el almacenamiento de datos confidenciales, lo que puede permitir a un atacante obtener más fácilmente las credenciales usadas para el acceso • https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 • CWE-326: Inadequate Encryption Strength CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information. Una vulnerabilidad ha sido encontrada en múltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer. La interfaz web del producto afectado permite a un atacante enrutar el clic o la pulsación de una tecla a otra página proporcionada por el atacante para conseguir acceso no autorizado a información confidencial • https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data. Una vulnerabilidad ha sido encontrada en múltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer. Las aplicaciones afectadas no comprueban una entrada de la página web, lo que podría permitir a un atacante inyectar código HTML arbitrario en una página web. • https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information. Una vulnerabilidad ha sido encontrada en múltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer. Las aplicaciones afectadas usan cookies persistentes donde el atributo de cookie de sesión no está apropiadamente invalidada, permitiendo a un atacante interceptar las cookies y conseguir acceso a información confidencial • https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 • CWE-539: Use of Persistent Cookies Containing Sensitive Information •