The Rockwell Automation Enhanced HIM software contains
an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Rockwell
Published: 2023-07-11T13:15:04.152Z
Updated: 2024-08-02T06:33:05.556Z
Reserved: 2023-05-16T20:09:25.338Z
Link: CVE-2023-2746
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-11T14:15:09.467
Modified: 2023-07-18T19:26:41.327
Link: CVE-2023-2746
Redhat
No data.