Primary

Context

Eaton Foreseer Reporting Software SameSite Cookie Vulnerability Allowing Unencrypted Transmission

Vulnerability

A vulnerability exists in Eaton Foreseer Reporting Software (FRS) versions prior to 1.5.100) due to the Secure flag not being set and the SameSite attribute being configured to Lax. This oversight can result in session cookies being sent over unencrypted HTTP, potentially exposing them to interception. The issue has been addressed in FRS version 1.5.100.

Impact

Exploitation of this vulnerability could allow session cookies to be transmitted over unencrypted HTTP, increasing the risk of interception and session hijacking.

Remediation

Users can upgrade to Eaton Foreseer Reporting Software version 1.5.100 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Eaton Foreseer Reporting Software SameSite Cookie Vulnerability Allowing Unencrypted Transmission

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating