The Rockwell Automation Enhanced HIM software contains
an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Rockwell
Published: 2023-07-11T13:15:04.152Z
Updated: 2024-11-07T17:27:54.204Z
Reserved: 2023-05-16T20:09:25.338Z
Link: CVE-2023-2746
Vulnrichment
Updated: 2024-08-02T06:33:05.556Z
NVD
Status : Modified
Published: 2023-07-11T14:15:09.467
Modified: 2024-11-21T07:59:12.863
Link: CVE-2023-2746
Redhat
No data.