Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-2746: Enhanced HIM Vulnerable to Cross Site Request Forgery Attack

The Rockwell Automation Enhanced HIM software contains

an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.

CVE
#xss#csrf#vulnerability#web

Skip Navigation

menu

  • Support Center
  • Get Support Chat & Submit a Question Phone Support Holiday Schedule
  • Training & Webinars
  • Online Forum
  • Customer Care Customer Care Overview Phone Support Holiday Schedule

Sign In

Quickly log in or create an account using an existing service

Yahoo

What will happen: When you click on this button you will be taken to Yahoo. Once you log in, Yahoo will verify you and send you back here where you’ll be logged in!

Log In or Create an AccountOpens new dialog

Please log in to continue, Username Password

Email Address *

Username *

Password

Re-enter a value for the field ‘Password’

Must match Password

First Name *

Last Name *

Forgot your username or password?

The page will refresh upon submission. Any pending input will be lost.

Current product hierarchy

  1. Drives
  2. Medium Voltage Drives

ID: PN1630 | Access Levels: Everyone

Search

Did you mean:

Published DatePublished Date 07/11/2023

Login Required to View Full Answer Content

Please use the ‘Sign In’ button above

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907