CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2444
https://notcve.org/view.php?id=CVE-2023-2444
11 May 2023 — A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139443 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2443
https://notcve.org/view.php?id=CVE-2023-2443
11 May 2023 — Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139442 • CWE-326: Inadequate Encryption Strength •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1834 – Rockwell Automation Kinetix 5500 Vulnerable to Open Port Exploitation
https://notcve.org/view.php?id=CVE-2023-1834
11 May 2023 — Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports. Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139441 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29022 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29022
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29029 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29029
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29028 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29028
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29027 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29027
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29026 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29026
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29025 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29025
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29024 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29024
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •