Rockwell Automation Powermonitor 3000 1404-M405A-DNT

Binary data 753800.prm...

Rockwell Automation PowerMonitor 5000 1426-M8E-A PowerMonitor 5000 Series

Binary data 754711.prm...

Rockwell Automation PowerMonitor Detection (HTTP)

HTTP based detection of Rockwell Automation PowerMonitor devices. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Rockwell Automation Allen-Bradley PowerMonitor 1000 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Rockwell Automation Equipment: Allen-Bradley PowerMonitor 1000 Vulnerabilities: Cross-site Scripting and Authentication Bypass 2. UPDATE INFORMATION This updated...

Allen-Bradley PowerMonitor 1000 Cross-Site Scripting Vulnerability

Rockwell Automation Allen-Bradley PowerMonitor 1000 is a power monitoring device from Rockwell Automation. A cross-site scripting vulnerability exists in the /Security/Security.shtm page in the Rockwell Automation Allen-Bradley PowerMonitor 1000. A remote attacker can exploit this vulnerability t...

CVE-2018-19615

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user’s web browser to gain access to the affected device...

CVE-2018-19615

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user’s web browser to gain access to the affected device...

CVE-2018-19616

An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element...

Code injection

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted userâ??s web browser to gain access to the affected device...

Design/Logic Flaw

An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element...

CVE-2018-19615

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user’s web browser to gain access to the affected device...

CVE-2018-19616

CVE-2018-19616 affects Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated attacker can bypass authentication and gain/modify administrator rights due to client-side access control implemented as a disabled button element in the web UI. The vulnerability enables remote manipul...

CVE-2018-19616

An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element...

CVE-2018-19615

CVE-2018-19615 affects Rockwell Automation Allen-Bradley PowerMonitor 1000 (all versions). The vulnerability is described as Cross-Site Scripting due to improper neutralization of input during web page generation, enabling a remote attacker to inject arbitrary code into a targeted user’s browser ...

Rockwell Automation Allen-Bradley PowerMonitor 1000 Cross-Site Scripting (CVE-2018-19615)

A XSS injection vulnerability exists in Rockwell Automation Allen-Bradley PowerMonitor login page. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary commands on the affected system...

Rockwell Automation Allen-Bradley PowerMonitor 1000 Access Control Error Vulnerability

Rockwell Automation Allen-Bradley PowerMonitor 1000 is a power monitoring device from Rockwell Automation. An access control error vulnerability exists in the Web pages of the Rockwell Automation Allen-Bradley PowerMonitor 1000, which can be exploited by an attacker to add a new user with...

Rockwell Automation Allen-Bradley PowerMonitor 1000 Authentication Bypass

Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Date: 2018-11-27 Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/ Version: 1408-EM3A-ENT B Tested on: It is a proprietary devices:...

Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass

Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Date: 2018-11-27 Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/ Version: 1408-EM3A-ENT B Tested on: It is a proprietary devices:...

Rockwell Automation Allen-Bradley PowerMonitor 1000 XSS

Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting Date: 2018-11-27 Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/ Version: 1408-EM3A-ENT B Tested on: It is a proprietary devices:...

Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass

Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Date: 2018-11-27 Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/...