An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.
File data ot_500247.nasl
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19616
packetstormsecurity.com/files/150619/Rockwell-Automation-Allen-Bradley-PowerMonitor-1000-Authentication-Bypass.html
www.securityfocus.com/bid/106333
www.securityfocus.com/bid/108538
ics-cert.us-cert.gov/advisories/ICSA-19-050-04
www.exploit-db.com/exploits/45937/