CVE-2023-28650

An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security context.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-03 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sauter-controls:ey-as525f001_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sauter-controls:ey-as525f001:-:*:*:*:*:*:*:*

History

31 Mar 2023, 13:38

Type Values Removed Values Added
CPE cpe:2.3:o:sauter-controls:ey-as525f001_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sauter-controls:ey-as525f001:-:*:*:*:*:*:*:*
First Time Sauter-controls ey-as525f001 Firmware
Sauter-controls
Sauter-controls ey-as525f001
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
References (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-03 - (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-03 - Third Party Advisory, US Government Resource
CWE CWE-79

27 Mar 2023, 20:38

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-27 20:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-28650

Mitre link : CVE-2023-28650

CVE.ORG link : CVE-2023-28650


JSON object : View

Products Affected

sauter-controls

  • ey-as525f001
  • ey-as525f001_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')