
CVE-2023-2876

Session cookie exposure to client-side script

Severity Score: 6.1 (CVSS v3.1)
Exploit Likelihood (EPSS): -
Affected Versions (CPE): see the affected products list below
Public Exploits: 0 (multiple sources)
Exploited in Wild (KEV): -
Decision (SSVC): -
Descriptions

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (firmware modules), and ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS). This issue affects REX640 PCL1: from 1.0.0 before 1.0.8; REX640 PCL2: from 1.0.0 before 1.1.4; REX640 PCL3: from 1.0.0 before 1.2.1.

*Credits: ABB thanks Paul Mader and Gianluca Raberger of VERBUND AG's OT Cyber Security Lab for helping to identify the vulnerabilities and protecting our customers.
CVSS Scores

Two CVSS v3.1 base vectors are listed for this CVE. The first corresponds to the 6.1 score shown above.

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: Required; Scope: Changed; Confidentiality: Low; Integrity: Low; Availability: None
  • CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
    Attack Vector: Network; Attack Complexity: High; Privileges Required: None; User Interaction: Required; Scope: Unchanged; Confidentiality: Low; Integrity: None; Availability: None

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2023-05-24 CVE Reserved
  • 2023-06-13 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-11-23 EPSS Updated
  • Exploited in Wild, KEV Due Date, First Exploit: no dates recorded
CWE
  • CWE-732: Incorrect Permission Assignment for Critical Resource
  • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
CAPEC
  • CAPEC-63: Cross-Site Scripting (XSS)
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status | Platform (running on/with)
Abb | Rex640 Pcl1 Firmware | >= 1.0.0 < 1.0.8 | - | Affected | in Abb Rex640 Pcl1 (--, Safe)
Abb | Rex640 Pcl2 Firmware | >= 1.0.0 < 1.1.4 | - | Affected | in Abb Rex640 Pcl2 (--, Safe)
Abb | Rex640 Pcl3 Firmware | >= 1.0.0 < 1.2.1 | - | Affected | in Abb Rex640 Pcl3 (--, Safe)