PRION:CVE-2023-2746
History: Jul 11, 2023 - 2:15 p.m.

Cross-site request forgery (CSRF)

2023-07-11 14:15:00
PRIOn knowledge base
www.prio-n.com
rockwell automation
enhanced him software
api
vulnerability
csrf attack
cross-origin resource sharing
cors settings
social engineering attack
cross site scripting
xss
sensitive information disclosure
remote access

AI Score: 9 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 24.4%)

The Rockwell Automation Enhanced HIM software contains an API, used by the application, that is not sufficiently protected and uses incorrect Cross-Origin Resource Sharing (CORS) settings. As a result, it is vulnerable to a Cross-Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack, or successfully perform a Cross-Site Scripting (XSS) attack. Exploitation of the CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.

CPE Name       Operator   Version
enhanced_him   eq         1.001

