CVE-2018-19615
published 2018-12-26
CVE-2018-19615: Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user's web browser to gain…
Priority: P433 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 3.30% (87.0th percentile)
Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user's web browser to gain access to the affected device.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | powermonitor_1000_firmware | — | — |
CVSS provenance
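| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |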
GHSA
GHSA-xmm9-f9j3-h828: Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions
ghsa_unreviewed·2022-05-13
CVE-2018-19615 [MEDIUM] CWE-79 GHSA-xmm9-f9j3-h828: Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions
Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user's web browser to gain access to the affected device.
CISA ICS
Rockwell Automation Allen-Bradley PowerMonitor 1000 (Update A)
cisa_ics·2019-02-09·CVSS 6.1
[MEDIUM] Rockwell Automation Allen-Bradley PowerMonitor 1000 (Update A)
ICS Advisory
## Rockwell Automation Allen-Bradley PowerMonitor 1000 (Update A)
Last Revised: September 05, 2019
Alert Code: ICSA-19-050-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
- Vendor: Rockwell Automation
- Equipment: Allen-Bradley PowerMonitor 1000
- Vulnerabilities: Cross-site Scripting and Authentication Bypass
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-050-04 Rockwell Automation Allen-Bradley PowerMonitor 1000 that was published February 9
- http://packetstormsecurity.com/files/150600/Rockwell-Automation-Allen-Bradley-PowerMonitor-1000-XSS.html
- http://www.securityfocus.com/bid/106333
- http://www.securityfocus.com/bid/108538
- https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04
- https://www.exploit-db.com/exploits/45928/
Published: 2018-12-26