CVE-2023-2876
Session cookie exposed to client-side script
Severity Score: 6.1 (CVSS v3.1)
Exploit Likelihood: - (EPSS)
Affected Versions: see the product table below (CPE)
Public Exploits: 0 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (firmware modules) and ABB REX640 PCL3 (firmware modules). Because the session cookie is set without the HttpOnly attribute, client-side script, for example an injected cross-site scripting (XSS) payload, can read it. This issue affects REX640 PCL1: from 1.0.0 before 1.0.8; REX640 PCL2: from 1.0.0 before 1.1.4; REX640 PCL3: from 1.0.0 before 1.2.1.
Credits:
ABB thanks Paul Mader and Gianluca Raberger of VERBUND AG's OT Cyber Security Lab for helping to identify the vulnerabilities and protecting our customers.
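The defect class behind this CVE (CWE-1004) is easy to check for from the outside: every Set-Cookie header in an authenticated response should carry HttpOnly, and a session cookie should also carry Secure and an explicit SameSite. The script below is an added example, not ABB's code and not the advisory's; it parses Set-Cookie headers, flags weak session cookies, and lists which cookie names an XSS payload could read through document.cookie. The two responses it audits are constructed samples, not captures from a REX640 device, and the session-name heuristic and cookie names are assumptions made for the illustration.

```python
"""Check Set-Cookie headers for session cookies a client-side script could read.

Added example for CWE-1004 as described in CVE-2023-2876; it is not ABB's code
and the response headers below are constructed samples, not captures from a
REX640 device. Cookie names, values and the session-name heuristic are
assumptions made for the illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Heuristic (assumption): cookie names containing these fragments carry a session.
SESSION_NAME_RE = re.compile(r"sess|sid|auth|token|login", re.IGNORECASE)


@dataclass
class CookieReport:
    name: str
    http_only: bool
    secure: bool
    same_site: Optional[str]
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header_value: str) -> CookieReport:
    """Split one Set-Cookie value into the cookie name and its attribute flags."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        # Flag attributes (Secure, HttpOnly) have no value; store True for them.
        attrs[key.strip().lower()] = value.strip() if value else True
    same_site = attrs.get("samesite")
    return CookieReport(
        name=name,
        http_only="httponly" in attrs,
        secure="secure" in attrs,
        same_site=same_site if isinstance(same_site, str) else None,
    )


def audit_response_headers(headers: List[Tuple[str, str]]) -> List[CookieReport]:
    """Report every cookie set by a response and flag weak session cookies."""
    reports = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        report = parse_set_cookie(value)
        if SESSION_NAME_RE.search(report.name):
            if not report.http_only:
                report.findings.append(
                    "CWE-1004: session cookie readable via document.cookie (no HttpOnly)")
            if not report.secure:
                report.findings.append(
                    "CWE-614: session cookie can travel over plaintext HTTP (no Secure)")
            if report.same_site is None:
                report.findings.append("no SameSite attribute; browser default applies")
        reports.append(report)
    return reports


def script_readable_cookies(headers: List[Tuple[str, str]]) -> List[str]:
    """Names an injected XSS payload could read through document.cookie."""
    return [r.name for r in audit_response_headers(headers) if not r.http_only]


# Constructed sample responses: the weak form and the hardened form of the same login.
WEAK_RESPONSE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=3f9c1b2e; Path=/"),
    ("Set-Cookie", "lang=en; Path=/"),
]
HARDENED_RESPONSE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=3f9c1b2e; Path=/; Secure; HttpOnly; SameSite=Strict"),
    ("Set-Cookie", "lang=en; Path=/"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_RESPONSE_HEADERS), ("hardened", HARDENED_RESPONSE_HEADERS)):
        print(f"{label}: script can read {script_readable_cookies(hdrs)}")
        for r in audit_response_headers(hdrs):
            for f in r.findings:
                print(f"  {r.name}: {f}")
```

On the weak response the session cookie is reported as readable by script; on the hardened one only the non-sensitive language cookie is. HttpOnly does not stop an XSS payload from issuing authenticated requests from the victim's browser, so it limits cookie theft rather than removing the need to fix the XSS itself.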
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: -
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-05-24 CVE Reserved
- 2023-06-13 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
- CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
CAPEC
- CAPEC-63: Cross-Site Scripting (XSS)
References (1)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status | Runs in (Vendor / Product / Status)
---|---|---|---|---
Abb | Rex640 Pcl1 Firmware | >= 1.0.0 < 1.0.8 | Affected | Abb / Rex640 Pcl1 / Safe
Abb | Rex640 Pcl2 Firmware | >= 1.0.0 < 1.1.4 | Affected | Abb / Rex640 Pcl2 / Safe
Abb | Rex640 Pcl3 Firmware | >= 1.0.0 < 1.2.1 | Affected | Abb / Rex640 Pcl3 / Safe