CVE-2023-34412 Information
Aug 18, 2023
cve
Description
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware versions lower than 7.3.2 allows an authenticated remote attacker to store an arbitrary JavaScript payload on the diagnosis page of the device. That page is loaded immediately after logging in to the device and runs the stored payload, allowing the attacker to read and write browser data and reduce system performance.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
Reference
https://cert.vde.com/en/advisories/VDE-2023-029/
https://cert.vde.com/en/advisories/VDE-2023-012/
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
Base Score
8.3
Base Severity
HIGH