IcscertCVELIST:CVE-2023-4523CVE-2023-4523 Real Time Automation 460 Series Cross-site Scripting
9.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
9.3 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gatewayβs HTTP interface would redirect to the main page, which is index.htm.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "460 Series",
"vendor": "Real Time Automation",
"versions": [
{
"lessThan": "v8.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
9.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
9.3 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%