Lucene search

[email protected]NVD:CVE-2023-2876

HistoryJun 13, 2023 - 4:15 a.m.

CVE-2023-2876

2023-06-1304:15:10

CWE-1004

CWE-732

[email protected]

web.nvd.nist.gov

abb

rex640

cross-site scripting

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Sensitive Cookie Without ‘HttpOnly’ Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.

Affected configurations

NVD

Node

abbrex640_pcl1Match-

AND

abbrex640_pcl1_firmwareRange1.0.0–1.0.8

Node

abbrex640_pcl2Match-

AND

abbrex640_pcl2_firmwareRange1.0.0–1.1.4

Node

abbrex640_pcl3Match-

AND

abbrex640_pcl3_firmwareRange1.0.0–1.2.1

References

search.abb.com/library/Download.aspx?DocumentID=2NGA001423&LanguageCode=en&DocumentPartId=&Action=Launch

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Related for NVD:CVE-2023-2876

cve1 nessus1 prion1 cvelist1