PT-2020-16668 · Emerson · Emerson Rosemount X-Stream Gas Analyzer

Published

2020-12-21

Updated

2020-12-22

CVE-2020-27254

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Emerson Rosemount X-STREAM Gas Analyzer versions all revisions

Description The affected products are vulnerable to improper authentication for accessing log and backup data. This could allow an attacker with a specially crafted URL to obtain access to sensitive information.

Recommendations For all revisions, consider restricting access to log and backup data until a proper authentication mechanism is implemented. As a temporary workaround, restrict access to sensitive information to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2020-27254

Affected Products

Emerson Rosemount X-Stream Gas Analyzer

PT-2020-16668 · Emerson · Emerson Rosemount X-Stream Gas Analyzer

CVE-2020-27254

Weakness Enumeration

Related Identifiers

Affected Products

References · 5