CVE-2018-19615

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted userâ??s web browser to gain access to the affected device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rockwellautomation:powermonitor_1000_firmware:1408-em3a-ent_b:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:powermonitor_1000:-:*:*:*:*:*:*:*

History

19 Apr 2022, 16:13

Type Values Removed Values Added
References (BID) http://www.securityfocus.com/bid/108538 - (BID) http://www.securityfocus.com/bid/108538 - Broken Link
References (BID) http://www.securityfocus.com/bid/106333 - Third Party Advisory, VDB Entry (BID) http://www.securityfocus.com/bid/106333 - Broken Link

10 May 2021, 22:00

Type Values Removed Values Added
References (MISC) https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04 - Third Party Advisory, US Government Resource (MISC) https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04 - US Government Resource, Third Party Advisory

Information

Published : 2018-12-26 21:29

Updated : 2022-05-16 23:11


NVD link : CVE-2018-19615

Mitre link : CVE-2018-19615


JSON object : View

Products Affected

rockwellautomation

  • powermonitor_1000_firmware
  • powermonitor_1000
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')