7 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs. Una vulnerabilidad ha sido encontrada en múltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer. Las aplicaciones del servidor web afectadas permiten el acceso a unos datos almacenados que pueden ser obtenidos al usar una URL especialmente diseñada • https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code. Una vulnerabilidad ha sido encontrada en múltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer. El servidor web de los productos afectados permite que sean cargados archivos no comprobados, que un atacante podría usar para ejecutar código arbitrario • https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access. Una vulnerabilidad ha sido encontrada en múltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer. Los productos afectados usan un algoritmo de cifrado débil para el almacenamiento de datos confidenciales, lo que puede permitir a un atacante obtener más fácilmente las credenciales usadas para el acceso • https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 • CWE-326: Inadequate Encryption Strength CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information. Una vulnerabilidad ha sido encontrada en múltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer. La interfaz web del producto afectado permite a un atacante enrutar el clic o la pulsación de una tecla a otra página proporcionada por el atacante para conseguir acceso no autorizado a información confidencial • https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data. Una vulnerabilidad ha sido encontrada en múltiples revisiones del programa Emerson Rosemount X-STREAM Gas Analyzer. Las aplicaciones afectadas no comprueban una entrada de la página web, lo que podría permitir a un atacante inyectar código HTML arbitrario en una página web. • https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •