Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rockwell Automation Enhanced HIM Vulnerable to Cross-Site Request Forgery Attack
Vulnerability Description
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Rockwell Automation Enhanced HIM 跨站请求伪造漏洞
Vulnerability Description
Rockwell Automation Enhanced HIM是Rockwell Automation公司的一种高级人机界面模块。它是用于与Rockwell Automation控制系统进行交互的设备,提供了更直观、更便捷的操作和监控界面。 Rockwell Automation Enhanced HIM 存在安全漏洞,该漏洞源于应用程序使用的 API 未得到充分保护,并且使用了不正确的跨源资源共享 (CORS) 设置,因此容易受到跨站点请求伪造 (CSRF) 攻击。
CVSS Information
N/A
Vulnerability Type
N/A