Vulnerability Description
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.
CVSS Score
4.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Controlbyweb | X-400 Firmware | < 2.8 |
| Controlbyweb | X-400 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01MitigationThird Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2023-23553?
CVE-2023-23553 is a vulnerability with a CVSS score of 4.5 (MEDIUM). Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.
How severe is CVE-2023-23553?
CVE-2023-23553 has been rated MEDIUM with a CVSS base score of 4.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-23553?
Check the references section above for vendor advisories and patch information. Affected products include: Controlbyweb X-400 Firmware, Controlbyweb X-400.