Описание
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:rockwellautomation:powermonitor_1000_firmware:1408-em3a-ent_b:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:powermonitor_1000:-:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03243
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.
EPSS
Процентиль: 87%
0.03243
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-287