CVE-2018-19615

MEDIUM

Rockwell Automation Allen-Bradley PowerMonitor 1000 - Code Injection

Title source: llm

Description

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted userâs web browser to gain access to the affected device.

Exploits (1)

exploitdb WORKING POC

by Luca.Chiou · textwebappshardware

https://www.exploit-db.com/exploits/45928

View Code ZIP pw:eip

References (5)

Core 5

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45928/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/150600/Rockwell-Automation-Allen-Bradley-PowerMonitor-1000-XSS.html

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106333

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/108538

Scores

CVSS v3 6.1

EPSS 0.0022

EPSS Percentile 44.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

rockwellautomation/powermonitor_1000_firmware 1408-em3a-ent_b

Published Dec 26, 2018

Tracked Since Feb 18, 2026