Main Vulnerability Database Vulnerabilities #VU49108

Improper Authentication in Rosemount X-STREAM Gas Analyzer - CVE-2020-27254

Published: December 21, 2020

Vulnerability identifier: #VU49108

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-27254

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Rosemount X-STREAM Gas Analyzer

Software vendor:
Emerson

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and access log and backup data.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

The following versions of Emerson’s Rosemount X-STREAM gas analysis software, are affected:

X-STREAM enhanced XEGP – all revisions
X-STREAM enhanced XEGK – all revisions
X-STREAM enhanced XEFD – all revisions
X-STREAM enhanced XEXF – all revisions

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-352-01

Improper Authentication in Rosemount X-STREAM Gas Analyzer - CVE-2020-27254

Description

Remediation

External links

Please verify you're human