S21Sec

**Name of the Vulnerable Software and Affected Versions** Landis+Gyr E850 (ZMQ200) versions all **Description** The device's web application navigation depends on the value of the `session cookie`. If an attacker changes the `session cookie` values, the web application could become inaccessible for the user. This issue is related to the reliance on cookies without validation and integrity. **Recommendations** For all versions, consider implementing cookie validation and integrity checks to prevent unauthorized modifications. As a temporary workaround, restrict access to the web application to minimize the risk of exploitation.