Unrated severityNVD Advisory· Published Jul 11, 2023· Updated Nov 7, 2024

Rockwell Automation PowerMonitor 1000 Cross-Site Scripting Vulnerability

CVE-2023-2072

Description

The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Rockwellautomation/Power Monitor 1000llm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: V4.011

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139761mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000