A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering and encoding. Successful exploitation requires an attacker to be able to update configuration fields behind admin login.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XRockwellautomation 1783 Natr
HWRockwellautomationwszystkie wersjeRockwellautomation 1783 Natr Firmware
OSRockwellautomation< 1.007
Powiązane podatności
Brak uwierzytelnienia w krytycznych funkcjach Rockwell Automation 1783-NATR
A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems ...
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 ...
Słabe szyfrowanie haseł w Rockwell Automation FactoryTalk AssetCentre