VAR-202307-1275
Vulnerability from variot - Updated: 2025-06-07 23:55The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product. It was * Cross-site scripting (CWE-79) - CVE-2023-2072If the vulnerability is exploited, it may be affected as follows. Rockwell Automation PowerMonitor 1000 is a power monitoring device from Rockwell Automation, USA. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1275",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powermonitor 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "powermonitor 1000",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "powermonitor 1000",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "powermonitor 1000 firmware v4.011"
},
{
"model": "automation powermonitor",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-11450"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002490"
},
{
"db": "NVD",
"id": "CVE-2023-2072"
}
]
},
"cve": "CVE-2023-2072",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-11450",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-2072",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-2072",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-2072",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2023-2072",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-2072",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-11450",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-779",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-11450"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002490"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-779"
},
{
"db": "NVD",
"id": "CVE-2023-2072"
},
{
"db": "NVD",
"id": "CVE-2023-2072"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. \u00a0The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product. It was * Cross-site scripting (CWE-79) - CVE-2023-2072If the vulnerability is exploited, it may be affected as follows. Rockwell Automation PowerMonitor 1000 is a power monitoring device from Rockwell Automation, USA. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-2072"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002490"
},
{
"db": "CNVD",
"id": "CNVD-2025-11450"
},
{
"db": "VULMON",
"id": "CVE-2023-2072"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-2072",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-23-194-05",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97004334",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002490",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-11450",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202307-779",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-2072",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-11450"
},
{
"db": "VULMON",
"id": "CVE-2023-2072"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002490"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-779"
},
{
"db": "NVD",
"id": "CVE-2023-2072"
}
]
},
"id": "VAR-202307-1275",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-11450"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-11450"
}
]
},
"last_update_date": "2025-06-07T23:55:15.593000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PowerMonitor\u00a01000\u00a0-\u00a0Cross-Site\u00a0Scripting\u00a0Vulnerability\u00a0 (Login required)",
"trust": 0.8,
"url": "https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113\u0026versions=58300,55146,54770"
},
{
"title": "Patch for Rockwell Automation PowerMonitor 1000 Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/693226"
},
{
"title": "Rockwell Automation Allen-Bradley PowerMonitor 1000 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246690"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-11450"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002490"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-779"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002490"
},
{
"db": "NVD",
"id": "CVE-2023-2072"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139761"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97004334/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2072"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-05"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-2072/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-11450"
},
{
"db": "VULMON",
"id": "CVE-2023-2072"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002490"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-779"
},
{
"db": "NVD",
"id": "CVE-2023-2072"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-11450"
},
{
"db": "VULMON",
"id": "CVE-2023-2072"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002490"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-779"
},
{
"db": "NVD",
"id": "CVE-2023-2072"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-11450"
},
{
"date": "2023-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2023-2072"
},
{
"date": "2023-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002490"
},
{
"date": "2023-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-779"
},
{
"date": "2023-07-11T14:15:09.403000",
"db": "NVD",
"id": "CVE-2023-2072"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-11450"
},
{
"date": "2023-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2023-2072"
},
{
"date": "2024-03-13T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2023-002490"
},
{
"date": "2023-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-779"
},
{
"date": "2023-07-18T21:02:57.793000",
"db": "NVD",
"id": "CVE-2023-2072"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-779"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 Made \u00a0PowerMonitor\u00a01000\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002490"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-779"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…