CVE-2020-27254

HIGH WAF: Low

CVSS 7.5 Published: 2020-12-21

CWE-287 CWE-287

Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information.

WAF Coverage Analysis

Improper Authentication Low WAF Coverage

OWASP: A07:2021 Identification and Authentication Failures

Improper Authentication Low WAF Coverage

OWASP: A07:2021 Identification and Authentication Failures

Affected Software

Vendor	Product	Version
emerson	x-stream_enhanced_xegp_firmware	all versions
emerson	x-stream_enhanced_xegk_firmware	all versions
emerson	x-stream_enhanced_xefd_firmware	all versions
emerson	x-stream_enhanced_xexf_firmware	all versions

References

us-cert.cisa.gov (Third Party Advisory, US Government Resource)

Back to CVE Database