Details of VAR-202307-1275

ID

VAR-202307-1275

CVE

CVE-2023-2072

TITLE

Rockwell Automation Made PowerMonitor 1000 Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002490

DESCRIPTION

The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product. It was * Cross-site scripting (CWE-79) - CVE-2023-2072If the vulnerability is exploited, it may be affected as follows. Rockwell Automation PowerMonitor 1000 is a power monitoring device from Rockwell Automation, USA. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data

Trust: 2.25

sources: NVD: CVE-2023-2072 // JVNDB: JVNDB-2023-002490 // CNVD: CNVD-2025-11450 // VULMON: CVE-2023-2072

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-11450

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	powermonitor 1000	scope:	eq	version:	-	Trust: 1.0
vendor:	rockwell automation	model:	powermonitor 1000	scope:	eq	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	powermonitor 1000	scope:	eq	version:	powermonitor 1000 firmware v4.011	Trust: 0.8
vendor:	rockwell	model:	automation powermonitor	scope:	eq	version:	1000	Trust: 0.6

sources: CNVD: CNVD-2025-11450 // JVNDB: JVNDB-2023-002490 // NVD: CVE-2023-2072

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-2072
value:	HIGH
Trust: 1.0
PSIRT@rockwellautomation.com:	CVE-2023-2072
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-2072
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-11450
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202307-779
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-11450
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-2072
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2023-2072
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-11450 // JVNDB: JVNDB-2023-002490 // CNNVD: CNNVD-202307-779 // NVD: CVE-2023-2072 // NVD: CVE-2023-2072

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002490 // NVD: CVE-2023-2072

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202307-779

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202307-779

PATCH

title:	PowerMonitor 1000 - Cross-Site Scripting Vulnerability (Login required)	url:	https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113&versions=58300,55146,54770	Trust: 0.8
title:	Patch for Rockwell Automation PowerMonitor 1000 Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/693226	Trust: 0.6
title:	Rockwell Automation Allen-Bradley PowerMonitor 1000 Fixes for cross-site scripting vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=246690	Trust: 0.6

sources: CNVD: CNVD-2025-11450 // JVNDB: JVNDB-2023-002490 // CNNVD: CNNVD-202307-779

EXTERNAL IDS

db:	NVD	id:	CVE-2023-2072	Trust: 3.9
db:	ICS CERT	id:	ICSA-23-194-05	Trust: 0.8
db:	JVN	id:	JVNVU97004334	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-002490	Trust: 0.8
db:	CNVD	id:	CNVD-2025-11450	Trust: 0.6
db:	CNNVD	id:	CNNVD-202307-779	Trust: 0.6
db:	VULMON	id:	CVE-2023-2072	Trust: 0.1

sources: CNVD: CNVD-2025-11450 // VULMON: CVE-2023-2072 // JVNDB: JVNDB-2023-002490 // CNNVD: CNNVD-202307-779 // NVD: CVE-2023-2072

REFERENCES

url:	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139761	Trust: 2.3
url:	https://jvn.jp/vu/jvnvu97004334/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-2072	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-05	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-2072/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2025-11450 // VULMON: CVE-2023-2072 // JVNDB: JVNDB-2023-002490 // CNNVD: CNNVD-202307-779 // NVD: CVE-2023-2072

SOURCES

db:	CNVD	id:	CNVD-2025-11450
db:	VULMON	id:	CVE-2023-2072
db:	JVNDB	id:	JVNDB-2023-002490
db:	CNNVD	id:	CNNVD-202307-779
db:	NVD	id:	CVE-2023-2072

LAST UPDATE DATE

2025-06-07T23:55:15.593000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-11450	date:	2025-06-05T00:00:00
db:	VULMON	id:	CVE-2023-2072	date:	2023-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2023-002490	date:	2024-03-13T08:16:00
db:	CNNVD	id:	CNNVD-202307-779	date:	2023-07-19T00:00:00
db:	NVD	id:	CVE-2023-2072	date:	2023-07-18T21:02:57.793

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-11450	date:	2025-05-28T00:00:00
db:	VULMON	id:	CVE-2023-2072	date:	2023-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2023-002490	date:	2023-07-18T00:00:00
db:	CNNVD	id:	CNNVD-202307-779	date:	2023-07-11T00:00:00
db:	NVD	id:	CVE-2023-2072	date:	2023-07-11T14:15:09.403