CVE-2023-2876

🗓️ 13 Jun 2023 03:52:12Reported by ABBType

CVE-2023-2876: Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1, PCL2, PCL3 allows XS

Reporter	Title	Published	Views	Family All 9
CNNVD	ABB REX640 安全漏洞	13 Jun 202300:00	–	cnnvd
Cvelist	CVE-2023-2876 Session cookie exposure for client side script	13 Jun 202303:52	–	cvelist
EUVD	EUVD-2023-34324	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2876	13 Jun 202304:15	–	nvd
OSV	CVE-2023-2876	13 Jun 202304:15	–	osv
Prion	Cross site scripting	13 Jun 202304:15	–	prion
Positive Technologies	PT-2023-9781 · Abb · Abb Rex640 Pcl3 +2	13 Jun 202300:00	–	ptsecurity
Tenable Nessus	ABB REX640 Incorrect Permission Assignment for Critical Resource (CVE-2023-2876)	26 Jun 202300:00	–	nessus
Vulnrichment	CVE-2023-2876 Session cookie exposure for client side script	13 Jun 202303:52	–	vulnrichment

NVD

Node

abb rex640_pcl1_firmwareRange1.0.0–1.0.8

AND

abb rex640_pcl1Match-

Node

abb rex640_pcl2_firmwareRange1.0.0–1.1.4

AND

abb rex640_pcl2Match-

Node

abb rex640_pcl3_firmwareRange1.0.0–1.2.1

AND

abb rex640_pcl3Match-

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "firmware"
    ],
    "product": "REX640 PCL1",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "1.0.8",
        "status": "affected",
        "version": "1.0;0",
        "versionType": "firmware update"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Firmware"
    ],
    "product": "REX640 PCL2",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "1.1.4",
        "status": "affected",
        "version": "1.0;0",
        "versionType": "firwmare update"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "firmware"
    ],
    "product": "REX640 PCL3",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "1.2.1",
        "status": "affected",
        "version": "1.0;0",
        "versionType": "firwmare update"
      }
    ]
  }
]

Source	Link
search	www.search.abb.com/library/Download.aspx

21 Nov 2024 07:59Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.13.1 - 6.1

EPSS0.00251

SSVC