Loading

PN1631 | PowerMonitor™ 1000 – Cross-Site Scripting Vulnerability

Severity:
High
Advisory ID:
PN1631
Veröffentlichungsdatum:
July 11, 2023
Zuletzt aktualisiert:
September 09, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
Nein
Corrected:
Nein
Workaround:
Nein
CVE IDs
CVE-2023-2072
Zusammenfassung
PowerMonitor™ 1000 – Cross-Site Scripting Vulnerability

 

Revision Number
1.1
Revision History
Version 1.0 – July 11, 2023
Version 1.1 - September 9, 2025

Affected Products

Affected Product (automated) First Known in Software Revision Corrected in Software Revision
PowerMonitor™ 1000 V4.011 V4.019

Security Issue Details

Rockwell Automation uses the latest version of the CVSS scoring system to assess the security issues.  The security of our products is important to us as your industrial automation supplier.  This issue was found internally during routine testing and is being reported based on our commitment to transparency and to improving business environments.

CVE-2023-2072 IMPACT
The PowerMonitor 1000 contains stored cross site scripting security issues within the web page of the product.  The pages do not require privileges to access and can be injected with code by an attacker. This could be used to leverage an attack on an authenticated user. The result being remote code execution and the complete loss of confidentiality, integrity, and availability of the product.

CVSS Base Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787 Out-Of-Bounds Write


Known Exploited Vulnerability (KEV) database: No

Customers can use Stakeholder-Specific Vulnerability Categorization to create more environment-specific categories.

Risk Mitigation & User Action

Customers using the affected software should use the risk mitigation and our suggested security best practices below to minimize the potential risks.
  • Upgrade to V4.019 which has been patched to mitigate these issues.
  • Security Best Practices: QA43240 - Recommended Security Guidelines from Rockwell Automation to minimize risks.

Additional Resources

  • CVE-2023-2072 JSON

Glossary

Cross Site Scripting Vulnerability: (XSS) a web security vulnerability that allows an attacker to inject malicious scripts into content from otherwise trusted websites

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation Startseite Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Bitte aktualisieren Sie Ihre Cookie-Einstellungen, um fortzufahren.
Für diese Funktion sind Cookies erforderlich, um Ihr Erlebnis zu verbessern. Bitte aktualisieren Sie Ihre Einstellungen, um diese Cookies zuzulassen:
  • Social-Media-Cookies
  • Funktionale Cookies
  • Leistungscookies
  • Marketing-Cookies
  • Alle Cookies
Sie können Ihre Einstellungen jederzeit aktualisieren. Weitere Informationen finden Sie in unserem {0} Datenschutzrichtlinie
CloseClose