First published: Tue Jun 13 2023
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS). This issue affects REX640 PCL1: from 1.0.0 before 1.0.8; REX640 PCL2: from 1.0.0 before 1.1.4; REX640 PCL3: from 1.0.0 before 1.2.1.
Credit: cybersecurity@ch.abb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Abb Rex640 Pcl1 Firmware | >=1.0.0<1.0.8 | |
ABB REX640 PCL1 | | |
Abb Rex640 Pcl2 Firmware | >=1.0.0<1.1.4 | |
ABB REX640 PCL2 | | |
Abb Rex640 Pcl3 Firmware | >=1.0.0<1.2.1 | |
ABB REX640 PCL3 | | |
The vulnerability ID for this issue is CVE-2023-2876.
The severity of CVE-2023-2876 is medium (6.1).
CVE-2023-2876 impacts ABB REX640 PCL1 firmware modules by allowing Cross-Site Scripting (XSS) through a Sensitive Cookie Without 'HttpOnly' Flag vulnerability.
To fix CVE-2023-2876 in ABB REX640 PCL1 firmware, update to version 1.0.8 or later, which includes the HttpOnly flag for sensitive cookies.
You can find more information about CVE-2023-2876 [here](https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423&LanguageCode=en&DocumentPartId=&Action=Launch).
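
One way to confirm after an update that sensitive cookies carry the HttpOnly flag, as an added example that is not ABB's or this page's code: it parses `Set-Cookie` header values and reports sensitive cookies that lack `HttpOnly`. The cookie names, the sample headers and the pattern used to decide which cookies are sensitive are constructed assumptions, not values taken from a REX640 device.

```python
# Added example: audit Set-Cookie header values for a missing HttpOnly flag.
import re

# Assumption: cookie names matching these hints are treated as sensitive.
SENSITIVE_HINT = re.compile(r"sess|auth|token|sid", re.IGNORECASE)


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing or doubled ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value, attrs


def audit_cookies(set_cookie_headers):
    """Return one finding per sensitive cookie that lacks HttpOnly."""
    findings = []
    for raw in set_cookie_headers:
        name, _, attrs = parse_set_cookie(raw)
        if not name or not SENSITIVE_HINT.search(name):
            continue  # skip malformed entries and non-sensitive cookies
        if "httponly" not in attrs:
            findings.append({"cookie": name, "issue": "missing HttpOnly",
                             "secure": "secure" in attrs})
    return findings


# Constructed Set-Cookie values (not captured from a real device).
BEFORE_UPDATE = [
    "SESSIONID=abc123; Path=/",
    "lang=en; Path=/",
]
AFTER_UPDATE = [
    "SESSIONID=abc123; Path=/; HttpOnly; Secure",
    "lang=en; Path=/",
    "authToken=xyz; path=/; httponly",
]

if __name__ == "__main__":
    for label, headers in (("before", BEFORE_UPDATE), ("after", AFTER_UPDATE)):
        print(label, audit_cookies(headers))
```

An empty result for the headers returned by the updated firmware's web interface indicates that every cookie matched by the pattern is hidden from page scripts.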