PT-2023-9781 · Abb · Abb Rex640 Pcl2+2

Published 2023-06-13 · Updated 2023-06-26 · CVE-2023-2876

CVSS v2.0: 6.4 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

ABB REX640 PCL1 versions 1.0.0 through 1.0.7
ABB REX640 PCL2 versions 1.0.0 through 1.1.3
ABB REX640 PCL3 versions 1.0.0 through 1.2.0

Description

The issue is related to a sensitive cookie without the 'HttpOnly' flag, which allows an attacker to perform Cross-Site Scripting (XSS). This can lead to unauthorized access and manipulation of the system.

Recommendations

For ABB REX640 PCL1 versions 1.0.0 through 1.0.7, update to version 1.0.8 or later.
For ABB REX640 PCL2 versions 1.0.0 through 1.1.3, update to version 1.1.4 or later.
For ABB REX640 PCL3 versions 1.0.0 through 1.2.0, update to version 1.2.1 or later.
As a temporary workaround, consider restricting access to sensitive cookies to minimize the risk of exploitation.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2024-10621
CVE-2023-2876

Affected Products

Abb Rex640 Pcl1
Abb Rex640 Pcl2
Abb Rex640 Pcl3