Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-2746

The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.

Published

2023-07-11T14:15:09.467

Last Modified

2024-11-21T07:59:12.863

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

Weaknesses

Type: Secondary
CWE-352
Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rockwellautomation	enhanced_him	1.001	Yes

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139760 Permissions Required, Vendor Advisory ([email protected])
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139760 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)