Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.
References
| Link | Resource |
|---|---|
| https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
History
26 Jun 2023, 17:42
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Abb rex640 Pcl2
Abb rex640 Pcl1 Abb rex640 Pcl2 Firmware Abb rex640 Pcl1 Firmware Abb rex640 Pcl3 Abb rex640 Pcl3 Firmware Abb |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| References | (MISC) https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory | |
| CWE | CWE-732 | |
| CPE | cpe:2.3:h:abb:rex640_pcl1:-:*:*:*:*:*:*:* cpe:2.3:h:abb:rex640_pcl2:-:*:*:*:*:*:*:* cpe:2.3:h:abb:rex640_pcl3:-:*:*:*:*:*:*:* cpe:2.3:o:abb:rex640_pcl3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:abb:rex640_pcl1_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:abb:rex640_pcl2_firmware:*:*:*:*:*:*:*:* |
13 Jun 2023, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-13 04:15
Updated : 2023-06-26 17:42
NVD link : CVE-2023-2876
Mitre link : CVE-2023-2876
JSON object : View
Products Affected
abb
- rex640_pcl1_firmware
- rex640_pcl3
- rex640_pcl2_firmware
- rex640_pcl2
- rex640_pcl3_firmware
- rex640_pcl1
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource