Lucene search

[email protected]NVD:CVE-2023-4523

HistorySep 27, 2023 - 7:15 p.m.

CVE-2023-4523

2023-09-2719:15:12

CWE-79

[email protected]

web.nvd.nist.gov

real time automation

460 series

cross-site scripting

javascript

url string

gateway's http interface

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

9.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway’s HTTP interface would redirect to the main page, which is index.htm.

Affected configurations

NVD

Node

rtautomation460etcmmMatch-

rtautomation460mcbmsMatch-

rtautomation460mcbsMatch-

rtautomation460mmbmsMatch-

rtautomation460mmbsMatch-

AND

rtautomation460_series_firmwareRange<8.9.8

References

www.cisa.gov/news-events/ics-advisories/icsa-23-264-01

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

9.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for NVD:CVE-2023-4523

prion1 cvelist1 ics1 cve1 nessus1