PT-2023-4080 · Rockwell Automation · Rockwell Automation Enhanced HIM

Published: 2023-07-11 · Updated: 2023-07-18 · CVE-2023-2746

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Enhanced HIM (affected versions not specified)
Description: The issue lies in the implementation of the application programming interface (API) in the Rockwell Automation Enhanced HIM software, which is vulnerable to Cross-Site Request Forgery (CSRF) attacks because of insufficient protection and incorrect Cross-Origin Resource Sharing (CORS) settings. Exploitation of this issue could potentially lead to sensitive information disclosure and full remote access to the affected products. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross-Site Scripting (XSS) attack.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: CSRF

Related Identifiers: BDU:2023-04380, CVE-2023-2746

Affected Products: Rockwell Automation Enhanced HIM