CVE-2023-2876

Published: Jun 13, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.

Affected (3)

Products: Abb: Rex640 Pcl1 Firmware, Rex640 Pcl2 Firmware, Rex640 Pcl3 Firmware

3 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abb Rex640 Pcl1 Firmware	From 1.0.0 to 1.0.8

Running on/with	Platform Versions
Abb Rex640 Pcl1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abb Rex640 Pcl2 Firmware	From 1.0.0 to 1.1.4

Running on/with	Platform Versions
Abb Rex640 Pcl2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abb Rex640 Pcl3 Firmware	From 1.0.0 to 1.2.1

Running on/with	Platform Versions
Abb Rex640 Pcl3	All versions

Related CWEs

CWE-1004

Sensitive Cookie Without 'HttpOnly' Flag

The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423&LanguageCode=en&DocumentPartId=&Action=Launch

Source: cybersecurity@ch.abb.com

Vendor Advisory

https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423&LanguageCode=en&DocumentPartId=&Action=Launch

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.