CVE-2020-27254
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
21/12/2020
Last modified:
22/12/2020
Description
Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page