Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would redirect to the main page, which is index.htm.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
29 Sep 2023, 15:39
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-01 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:o:rtautomation:460_series_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:rtautomation:460mcbms:-:*:*:*:*:*:*:* cpe:2.3:h:rtautomation:460mcbs:-:*:*:*:*:*:*:* cpe:2.3:h:rtautomation:460etcmm:-:*:*:*:*:*:*:* cpe:2.3:h:rtautomation:460mmbs:-:*:*:*:*:*:*:* cpe:2.3:h:rtautomation:460mmbms:-:*:*:*:*:*:*:* |
|
First Time |
Rtautomation
Rtautomation 460mmbs Rtautomation 460mcbs Rtautomation 460mmbms Rtautomation 460etcmm Rtautomation 460mcbms Rtautomation 460 Series Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
27 Sep 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-27 19:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4523
Mitre link : CVE-2023-4523
CVE.ORG link : CVE-2023-4523
JSON object : View
Products Affected
rtautomation
- 460mcbs
- 460_series_firmware
- 460mmbms
- 460mmbs
- 460mcbms
- 460etcmm
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')