Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-2072

The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.

Published

2023-07-11T14:15:09.403

Last Modified

2024-11-21T07:57:52.907

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-787
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	rockwellautomation	powermonitor_1000_firmware	-	Yes
Hardware	rockwellautomation	powermonitor_1000	-	No

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139761 Permissions Required, Vendor Advisory ([email protected])
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139761 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)