Description
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.
References (1)
Core 1
Core References
Scores
CVSS v3
3.1
EPSS
0.0025
EPSS Percentile
48.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-732
CWE-1004
Status
published
Products (3)
abb/rex640_pcl1_firmware
1.0.0 - 1.0.8
abb/rex640_pcl2_firmware
1.0.0 - 1.1.4
abb/rex640_pcl3_firmware
1.0.0 - 1.2.1
Published
Jun 13, 2023
Tracked Since
Feb 18, 2026