Lucene search
IcscertCVE-2023-23553HistoryFeb 13, 2023 - 6:15 p.m.
CVE-2023-23553
2023-02-1318:15:11
CWE-79
icscert
web.nvd.nist.gov
24
cve-2023-23553
control by web
x-400
cross-site scripting
data theft
vulnerability
nvd
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
6
Confidence
High
EPSS
0.001
Percentile
40.3%
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.
Affected configurations
Node
controlbywebx-400_firmwareRange<2.8
controlbywebx-400Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| controlbyweb | x-400_firmware | * | cpe:2.3:o:controlbyweb:x-400_firmware:*:*:*:*:*:*:*:* |
| controlbyweb | x-400 | - | cpe:2.3:h:controlbyweb:x-400:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "X-400 devices",
"vendor": "Control By Web",
"versions": [
{
"lessThan": "2.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2023-23553
2023-02-13 18:15:11
prion
prion
Cross site scripting
2023-02-13 18:15:00
cvelist
cvelist
CVE-2023-23553 X-400 Cross-Site Scripting
2023-02-13 17:03:44
ics
ics
Control By Web X-400, X-600M
2023-02-09 12:00:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
6
Confidence
High
EPSS
0.001
Percentile
40.3%
Related for CVE-2023-23553