Overview
- Description
- All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.5
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:landisgyr:e850_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8AED4BA7-6966-42F4-840F-48D1B042691C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:landisgyr:e850:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "46C34DD8-8438-4F88-B5DC-950CE327B490"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]