What is the vulnerability ID?

The vulnerability ID is CVE-2021-27465.

What is the severity of CVE-2021-27465?

The severity of CVE-2021-27465 is medium.

Which software versions are affected by CVE-2021-27465?

Multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer are affected by CVE-2021-27465.

How does CVE-2021-27465 impact the affected applications?

CVE-2021-27465 allows an attacker to inject arbitrary HTML code into a webpage, potentially modifying the page and displaying incorrect information.

Is there a fix available for CVE-2021-27465?

Please refer to the official reference provided by the US-CERT for information on available fixes for CVE-2021-27465.

Vulnerability/
CVE-2021-27465

medium

6.1

CWE

20/5/2021

3/8/2024

CVE-2021-27465: XSS

First published: Thu May 20 2021(Updated: )

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Emerson X-stream Enhanced Xegp Firmware
Emerson X-stream Enhanced Xegp
Emerson X-stream Enhanced Xegk Firmware
Emerson X-stream Enhanced Xegk
Emerson X-stream Enhanced Xefd Firmware
Emerson X-stream Enhanced Xefd
Emerson X-stream Enhanced Xexf Firmware
Emerson X-stream Enhanced Xexf
Emerson X-STREAM enhanced XEGP – all revisions
Emerson X-STREAM enhanced XEGK – all revisions
Emerson X-STREAM enhanced XEFD – all revisions
Emerson X-STREAM enhanced XEXF – all revisions

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-138-01

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2021-27465.
What is the severity of CVE-2021-27465?
The severity of CVE-2021-27465 is medium.
Which software versions are affected by CVE-2021-27465?
Multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer are affected by CVE-2021-27465.
How does CVE-2021-27465 impact the affected applications?
CVE-2021-27465 allows an attacker to inject arbitrary HTML code into a webpage, potentially modifying the page and displaying incorrect information.
Is there a fix available for CVE-2021-27465?
Please refer to the official reference provided by the US-CERT for information on available fixes for CVE-2021-27465.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/references
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
agent/trending
vendor/emerson
canonical/emerson x-stream enhanced xegp firmware
canonical/emerson x-stream enhanced xegp
canonical/emerson x-stream enhanced xegk firmware
canonical/emerson x-stream enhanced xegk
canonical/emerson x-stream enhanced xefd firmware
canonical/emerson x-stream enhanced xefd
canonical/emerson x-stream enhanced xexf firmware
canonical/emerson x-stream enhanced xexf
canonical/emerson x-stream enhanced xegp – all revisions
canonical/emerson x-stream enhanced xegk – all revisions
canonical/emerson x-stream enhanced xefd – all revisions
canonical/emerson x-stream enhanced xexf – all revisions