CVE-2023-2746
CVSS V2 None
CVSS V3 None
Description
The Rockwell Automation Enhanced HIM software contains
an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.
Overview
- CVE ID
- CVE-2023-2746
- Assigner
- Rockwell
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-07-11T13:15:04.152Z
- Last Modified Date
- 2023-07-11T13:15:04.152Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139760 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-2746 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2746 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-24 22:18:33 | Added to TrackCVE |