Vulnerability Description
Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would redirect to the main page, which is index.htm.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rtautomation | 460 Series Firmware | < 8.9.8 |
| Rtautomation | 460Etcmm | - |
| Rtautomation | 460Mcbms | - |
| Rtautomation | 460Mcbs | - |
| Rtautomation | 460Mmbms | - |
| Rtautomation | 460Mmbs | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-01Third Party AdvisoryUS Government Resource
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2023-4523?
CVE-2023-4523 is a vulnerability with a CVSS score of 9.4 (CRITICAL). Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If th...
How severe is CVE-2023-4523?
CVE-2023-4523 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-4523?
Check the references section above for vendor advisories and patch information. Affected products include: Rtautomation 460 Series Firmware, Rtautomation 460Etcmm, Rtautomation 460Mcbms, Rtautomation 460Mcbs, Rtautomation 460Mmbms.