Vulnerability Details CVE-2023-6028
A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.1%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2023-6028
- cpe:2.3:a:br-automation:automation_runtime:2.96
- cpe:2.3:a:br-automation:automation_runtime:3.00
- cpe:2.3:a:br-automation:automation_runtime:3.01
- cpe:2.3:a:br-automation:automation_runtime:3.06
- cpe:2.3:a:br-automation:automation_runtime:3.07
- cpe:2.3:a:br-automation:automation_runtime:3.08
- cpe:2.3:a:br-automation:automation_runtime:3.10
- cpe:2.3:a:br-automation:automation_runtime:4.00
- cpe:2.3:a:br-automation:automation_runtime:4.03
- cpe:2.3:a:br-automation:automation_runtime:4.04
- cpe:2.3:a:br-automation:automation_runtime:4.10
- cpe:2.3:a:br-automation:automation_runtime:4.20
- cpe:2.3:a:br-automation:automation_runtime:4.30
- cpe:2.3:a:br-automation:automation_runtime:4.40
- cpe:2.3:a:br-automation:automation_runtime:4.50
- cpe:2.3:a:br-automation:automation_runtime:4.60
- cpe:2.3:a:br-automation:automation_runtime:4.63
- cpe:2.3:a:br-automation:automation_runtime:4.70
- cpe:2.3:a:br-automation:automation_runtime:4.72
- cpe:2.3:a:br-automation:automation_runtime:a4.73
- cpe:2.3:a:br-automation:automation_runtime:d4.63
- cpe:2.3:a:br-automation:automation_runtime:e4.53
- cpe:2.3:a:br-automation:automation_runtime:f4.45
- cpe:2.3:a:br-automation:automation_runtime:g4.93