RockwellCVE-2023-2072CVE-2023-2072
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
58.1%
The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. Β The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rockwellautomation | powermonitor_1000 | - | cpe:2.3:h:rockwellautomation:powermonitor_1000:-:*:*:*:*:*:*:* |
| rockwellautomation | powermonitor_1000_firmware | - | cpe:2.3:o:rockwellautomation:powermonitor_1000_firmware:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "PowerMonitor 1000",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "V4.011"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
58.1%