CVE-2023-2072
Last modified
CVE-2023-2072 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product. . EPSS estimates a 0.82% chance of exploitation in the next 30 days.
Description
The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Powermonitor 1000 Firmware | All versions |
References
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139761Permissions Required, Vendor Advisory
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139761Permissions Required, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-2072?
How severe is CVE-2023-2072?
How do I fix CVE-2023-2072?
Are you affected by CVE-2023-2072?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST