CVE-2022-3083
Last modified
CVE-2022-3083 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values. . EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Landisgyr | E850 Firmware | All versions |
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-07Third Party Advisory, US Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-07Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-3083?
How severe is CVE-2022-3083?
How do I fix CVE-2022-3083?
Are you affected by CVE-2022-3083?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST