Headline
CVE-2023-2746: Enhanced HIM Vulnerable to Cross Site Request Forgery Attack
The Rockwell Automation Enhanced HIM software contains
an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.
Skip Navigation
menu
- Support Center
- Get Support Chat & Submit a Question Phone Support Holiday Schedule
- Training & Webinars
- Online Forum
- Customer Care Customer Care Overview Phone Support Holiday Schedule
Sign In
Quickly log in or create an account using an existing service
Yahoo
What will happen: When you click on this button you will be taken to Yahoo. Once you log in, Yahoo will verify you and send you back here where you’ll be logged in!
Log In or Create an AccountOpens new dialog
Please log in to continue, Username Password
Email Address *
Username *
Password
Re-enter a value for the field ‘Password’
Must match Password
First Name *
Last Name *
Forgot your username or password?
The page will refresh upon submission. Any pending input will be lost.
Current product hierarchy
- Drives
- Medium Voltage Drives
ID: PN1630 | Access Levels: Everyone
Search
Did you mean:
Published DatePublished Date 07/11/2023
Login Required to View Full Answer Content
Please use the ‘Sign In’ button above