vulnerability context

CVE-2023-4523

CVSS 9.4 CRITICALEPSS 25%CWE-79

Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would redirect to the main page, which is index.htm.

Published 2023-09-27 · last modified 2024-11-21

details

CISA KEV status: Not in catalog
CVSS v3: 9.4 / CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS: 25% percentile (score 0.0008)
CWE: CWE-79

View on NVD → · cve.org

source mentions 1

ABB B&R PCsCISA Alerts · 19d ago

source consensus

CISA Alerts1×

Want the 3-bullet summary of CVE-2023-4523, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →