CVE-2018-19615

🗓️ 26 Dec 2018 21:29:02Reported by GoogleType

osv

osv🔗 osv.dev

CVE-2018-19615 enables remote code injection in PowerMonitor 1000 via a targeted browser to gain access.

Reporter	Title	Published	Views	Family All 12
Tenable Nessus	Rockwell Automation Powermonitor1000 1408 Code Injection	8 May 201900:00	–	nessus
Tenable Nessus	Rockwellautomation Powermonitor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	8 Nov 201900:00	–	nessus
Tenable Nessus	Rockwell Automation Allen-Bradley PowerMonitor 1000 Improper Neutralization of Input During Web Page Generation (CVE-2018-19615)	7 Feb 202200:00	–	nessus
CNVD	Allen-Bradley PowerMonitor 1000 Cross-Site Scripting Vulnerability	27 Dec 201800:00	–	cnvd
Check Point Advisories	Rockwell Automation Allen-Bradley PowerMonitor 1000 Cross-Site Scripting (CVE-2018-19615)	25 Dec 201800:00	–	checkpoint_advisories
CVE	CVE-2018-19615	26 Dec 201820:00	–	cve
Cvelist	CVE-2018-19615	26 Dec 201820:00	–	cvelist
EUVD	EUVD-2018-11302	7 Oct 202500:30	–	euvd
ICS	Rockwell Automation Allen-Bradley PowerMonitor 1000 (Update A)	19 Feb 201900:00	–	ics
NVD	CVE-2018-19615	26 Dec 201821:29	–	nvd

Source	Link
securityfocus	www.securityfocus.com/bid/108538
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-19-050-04
securityfocus	www.securityfocus.com/bid/106333
exploit-db	www.exploit-db.com/exploits/45928/
packetstormsecurity	www.packetstormsecurity.com/files/150600/Rockwell-Automation-Allen-Bradley-PowerMonitor-1000-XSS.html

04 May 2026 08:26Current

6Medium risk

Vulners AI Score6

CVSS 3.16.1

EPSS0.00217

powermonitor 1000 remote code injection browser attack industrial controller rockwell automation