CVE-2023-2444
CVSS V2 None
CVSS V3 None
Description
A cross-site request forgery (CSRF) vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server, and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks the malicious link, a cross-site request forgery attack would succeed as well.
Overview
- CVE ID: CVE-2023-2444
- Assigner: PSIRT@rockwellautomation.com
- Vulnerability Status: Received
- Published Version: 2023-05-11T19:15:09
- Last Modified Date: 2023-05-11T19:15:09
References
Reference URL | Reference Tags |
---|---|
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139443 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-2444 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2444 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-05-11 20:00:24 | | | | Added to TrackCVE |