Real Time Automation 460 Series Cross-site Scripting
CVE-2023-4523

9.4CRITICAL

Key Information:

Vendor: Real Time Automation
Status: 460 Series
Vendor: CVE Published:; 27 September 2023

🔔 Create Real Time Automation Vulnerability Alert

What is CVE-2023-4523?

The Real Time Automation 460 Series products, specifically versions earlier than v8.9.8, are susceptible to cross-site scripting vulnerabilities. An attacker could exploit this by embedding malicious JavaScript code in the URL string, potentially hijacking user sessions or redirecting users to unauthorized pages, including the main index.htm page of the gateway's HTTP interface.

Affected Version(s)

460 Series 0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-2...

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Aug 24, 2023

Credit

CISA discovered public proof of concept as authored by Yehia Elghaly.

CVE-2023-4523 Data

JSON