6.1
CVE-2023-2876
- EPSS 0.25%
- Veröffentlicht 13.06.2023 04:15:10
- Zuletzt bearbeitet 21.11.2024 07:59:28
- Quelle cybersecurity@ch.abb.com
- CVE-Watchlists
- Unerledigt
LoginSession cookie exposure for client side script
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Abb ≫ Rex640 Pcl1 Firmware Version >= 1.0.0 < 1.0.8
Abb ≫ Rex640 Pcl2 Firmware Version >= 1.0.0 < 1.1.4
Abb ≫ Rex640 Pcl3 Firmware Version >= 1.0.0 < 1.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.485 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| cybersecurity@ch.abb.com | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
|
CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag
The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.