CVE-2023-2072
Summary
| CVE | CVE-2023-2072 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-11 14:15:00 UTC |
| Updated | 2023-07-18 21:02:00 UTC |
| Description | The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker, which could be used to leverage an attack on an authenticated user, resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Rockwellautomation | Powermonitor 1000 | - | All | All | All |
| Operating System | Rockwellautomation | Powermonitor 1000 Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139761 | MISC | rockwellautomation.custhelp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.