CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2746 – Rockwell Automation Enhanced HIM Vulnerable to Cross-Site Request Forgery Attack
https://notcve.org/view.php?id=CVE-2023-2746
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139760 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2072 – Rockwell Automation PowerMonitor 1000 Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2023-2072
The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2778 – Rockwell Automation FactoryTalk Transaction Manager Vulnerable to Denial-Of-Service
https://notcve.org/view.php?id=CVE-2023-2778
A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139744 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2639 – Rockwell Automation FactoryTalk System Services Vulnerable to Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2023-2639
The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat actor to craft a malicious website that, when visited, will send a malicious script that can connect to the local WebSocket endpoint and wait for events as if it was a valid client device. If successfully exploited, this would allow a threat actor to receive information including whether FactoryTalk Policy Manager is installed and potentially the entire security policy. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683 • CWE-346: Origin Validation Error •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2638 – Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack
https://notcve.org/view.php?id=CVE-2023-2638
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683 • CWE-287: Improper Authentication •