Reliance on Cookies without Validation and Integrity in Landis+Gyr E850
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-3083 |
| CWE-ID | CWE-784 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
E850 (ZMQ200) Hardware solutions / Other hardware appliances |
| Vendor | Landis+Gyr |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Reliance on Cookies without Validation and Integrity Checking in a Security Decision
EUVDB-ID: #VU71596
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3083
CWE-ID:
CWE-784 - Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the web application navigation depends on the value of the session cookie. A local user can change the cookie values and cause the web application to become inaccessible for the user.
MitigationInstall update from vendor's website.
Vulnerable software versionsE850 (ZMQ200): All versions
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-23-026-07
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
