CVE-2025-22493

Published: Mar 5, 2025Modified: Mar 5, 2025

5.6

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

Exploitability: 0.8 / Impact: 4.7

Source: CybersecurityCOE@eaton.com (Secondary)

Description

Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100.

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (1)

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1009.pdf

Source: CybersecurityCOE@eaton.com

Timeline

No history available yet.