CVE-2023-2746

9.6 CRITICAL

📋 TL;DR

Rockwell Automation Enhanced HIM software exposes an API that is insufficiently protected and has incorrect CORS settings, making it vulnerable to cross-site request forgery (CSRF). An attacker who lures an authenticated user into opening a malicious link can issue requests through that user's browser session; depending on the victim's privileges, this can lead to sensitive information disclosure or full remote access to the affected product. This affects systems running the vulnerable Enhanced HIM software.

💻 Affected Systems

Products:
  • Rockwell Automation Enhanced HIM software
Versions: Not specified in provided references
Operating Systems: Not specified in provided references
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires user interaction: an authenticated user must be lured (social engineering) into opening an attacker-controlled link or page while logged in. Affects systems with Enhanced HIM software installed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full remote access to affected products, allowing complete system compromise and potential control over industrial processes.

🟠 Likely Case

Sensitive information disclosure including configuration data, credentials, or operational parameters that could facilitate further attacks.

🟢 If Mitigated

Limited impact with proper network segmentation, access controls, and user awareness preventing successful social engineering.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires social engineering: the victim must be logged into the vulnerable Enhanced HIM interface and be induced to open an attacker-controlled page or link, at which point the browser attaches the victim's session to the forged request.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139760

Restart Required: Yes

Instructions:

1. Review the Rockwell Automation security advisory.
2. Apply the recommended patches/updates.
3. Restart affected systems.
4. Verify patch installation.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate Enhanced HIM systems from untrusted networks and implement strict access controls.

CORS Policy Hardening (applies to: all)

Where a reverse proxy or web gateway fronts the HIM web interface, restrict Access-Control-Allow-Origin to an explicit allow-list of trusted origins and never reflect the request's Origin header together with Access-Control-Allow-Credentials: true. Note that CORS only governs whether a foreign page can read responses and send non-simple requests; a simple cross-site POST carrying the session cookie still goes through, so the proxy or application must also reject state-changing requests whose Origin or Referer is not trusted.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Enforce strong authentication and session management controls

🔍 How to Verify

Check if Vulnerable:

Check Enhanced HIM software version against vendor advisory. Review CORS configuration and API protection mechanisms.

Check Version:

Check Enhanced HIM software version through system interface or configuration files.

Verify Fix Applied:

Confirm the installed version matches the fixed release named in the vendor advisory. Then send a test request to an API endpoint with a non-trusted Origin header and confirm that the response does not echo that origin in Access-Control-Allow-Origin alongside Access-Control-Allow-Credentials: true, and that state-changing requests without a trusted origin (or a valid anti-CSRF token) are rejected.
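The two checks above (hardening the CORS policy and verifying that the fix actually closed the cross-origin hole) come down to the same small amount of logic. The following is an added example written for this page, not Rockwell Automation code: assess_cors() grades a captured response the way a tester would when probing with a foreign Origin header, and origin_check() is the proxy- or application-side check that rejects forged state-changing requests regardless of what CORS allows. The host name him.plant.example, TRUSTED_ORIGINS and the sample header sets are constructed for the example.

```python
"""Added example (not Rockwell Automation code): probe a response for the
CSRF-enabling CORS pattern this CVE describes, and the server/proxy-side origin
check that blocks forged state-changing requests regardless of CORS.
TRUSTED_ORIGINS, HIM_HOST and the sample header sets are constructed."""
from typing import Mapping, Tuple
from urllib.parse import urlsplit

# Hypothetical allow-list: the only origins that may legitimately script the HIM API.
TRUSTED_ORIGINS = frozenset({"https://him.plant.example"})
HIM_HOST = "him.plant.example"  # hypothetical host the HIM web interface is served from

# Methods that change state and therefore need an origin check regardless of CORS.
STATE_CHANGING = frozenset({"POST", "PUT", "PATCH", "DELETE"})


def assess_cors(response_headers: Mapping[str, str], probe_origin: str) -> Tuple[str, str]:
    """Grade the response to a request that carried `Origin: probe_origin`.

    Returns (grade, reason), grade in {"safe", "weak", "vulnerable"}.  "vulnerable"
    means JavaScript on probe_origin can send credentialed requests AND read the
    responses: the incorrect-CORS setup behind this CVE.
    """
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"

    if acao is None:
        return "safe", "no Access-Control-Allow-Origin: browser blocks cross-origin reads"
    if acao == "*":
        # Browsers refuse "*" combined with credentials, so cookie-bound responses
        # stay unreadable, but the API still hands unauthenticated data to any site.
        return "weak", "wildcard Access-Control-Allow-Origin"
    if acao == "null" and creds:
        # "null" is the Origin sent by sandboxed iframes and data: URLs; allowing
        # it with credentials is as bad as reflecting an arbitrary origin.
        return "vulnerable", "Access-Control-Allow-Origin: null with credentials"
    if acao == probe_origin and probe_origin not in TRUSTED_ORIGINS:
        if creds:
            return "vulnerable", "untrusted Origin reflected with Allow-Credentials: true"
        return "weak", "untrusted Origin reflected (no credentials)"
    if acao in TRUSTED_ORIGINS:
        return "safe", f"only trusted origin {acao} is allowed"
    return "weak", f"unexpected Access-Control-Allow-Origin value {acao!r}"


def origin_check(method: str, request_headers: Mapping[str, str], expected_host: str) -> bool:
    """Proxy/application-side check that defeats CSRF independently of CORS.

    Browsers attach Origin to every cross-site POST and Referer to most requests.
    A state-changing request whose Origin/Referer is neither our own host nor an
    allow-listed origin is rejected; missing origin information fails closed.
    Reads (GET/HEAD) pass here: CSRF is about state change, and cross-origin
    *reading* is what assess_cors() above covers.
    """
    if method.upper() not in STATE_CHANGING:
        return True
    h = {k.lower(): v.strip() for k, v in request_headers.items()}
    source = h.get("origin") or h.get("referer")
    if not source:
        return False
    parts = urlsplit(source)  # "null" yields an empty scheme/netloc and is rejected
    return f"{parts.scheme}://{parts.netloc}" in TRUSTED_ORIGINS or parts.netloc == expected_host


# Constructed response header sets: the vulnerable reflection and a hardened reply.
VULNERABLE_RESPONSE = {
    "Access-Control-Allow-Origin": "https://news.attacker.example",
    "Access-Control-Allow-Credentials": "true",
}
HARDENED_RESPONSE = {
    "Access-Control-Allow-Origin": "https://him.plant.example",
    "Vary": "Origin",
}

if __name__ == "__main__":
    probe = "https://news.attacker.example"
    print("vulnerable response:", assess_cors(VULNERABLE_RESPONSE, probe))
    print("hardened response:  ", assess_cors(HARDENED_RESPONSE, probe))
    print("forged POST allowed?", origin_check("POST", {"Origin": probe}, HIM_HOST))
    print("own-UI POST allowed?", origin_check("POST", {"Origin": "https://him.plant.example"}, HIM_HOST))
```

To use assess_cors() against a live system, send the request with a browser developer console or curl while adding an `Origin:` header you control, and paste the response headers into the function; a "vulnerable" grade on any authenticated API endpoint means the fix is not in place. origin_check() fails closed on a missing Origin/Referer for writes, which can break non-browser clients that send neither; allow-list those clients by source address or token rather than loosening the check.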

📡 Detection & Monitoring

Log Indicators:

  • Requests to HIM API endpoints whose Origin or Referer header names a host other than the HIM itself
  • State-changing API calls (POST/PUT/DELETE) from an authenticated session shortly after the user followed an external link
  • Multiple failed authentication attempts (not specific to this CVE, but a general indicator of probing)

Network Indicators:

  • Cross-origin requests to Enhanced HIM APIs
  • Unusual traffic patterns to HMI systems

SIEM Query:

Search web server or reverse proxy logs for requests to Enhanced HIM API paths where the Origin or Referer header does not match the HIM's own host, prioritising state-changing methods (POST/PUT/DELETE) that returned success codes. This requires the proxy to log the Origin header (for example nginx's $http_origin variable), which most default log formats omit.
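The following is an added example, not part of the original advisory or Rockwell Automation's tooling, showing the SIEM logic above run over access-log lines. The log format, the host name him.plant.example, the /api/ prefix and the sample lines are all constructed for this example; adapt LINE_RE to whatever fields your proxy or SIEM actually records.

```python
"""Added example (not Rockwell Automation code): flag cross-origin requests to
Enhanced HIM API paths in reverse-proxy access logs.  The log format, host name,
API prefix and the sample lines below are constructed for this example."""
import re
from typing import Dict, List
from urllib.parse import urlsplit

STATE_CHANGING = frozenset({"POST", "PUT", "PATCH", "DELETE"})

# Constructed proxy log format:
#   <ts> <client> "<METHOD> <path>" <status> host=<Host header> origin=<Origin header or ->
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) host=(?P<host>\S+) origin=(?P<origin>\S+)$'
)

# Constructed sample: a normal session, then requests riding the same client's
# session but originating from a page on another site (the CSRF pattern).
SAMPLE_LOG = """\
2023-05-17T10:01:02Z 10.20.0.15 "GET /api/status" 200 host=him.plant.example origin=-
2023-05-17T10:01:07Z 10.20.0.15 "POST /api/parameters" 200 host=him.plant.example origin=https://him.plant.example
2023-05-17T10:02:31Z 10.20.0.15 "POST /api/parameters" 200 host=him.plant.example origin=https://news.attacker.example
2023-05-17T10:02:32Z 10.20.0.15 "GET /api/config/export" 200 host=him.plant.example origin=https://news.attacker.example
2023-05-17T10:02:40Z 10.20.0.15 "POST /api/parameters" 403 host=him.plant.example origin=https://news.attacker.example
2023-05-17T10:03:00Z 10.20.0.44 "GET /ui/login" 200 host=him.plant.example origin=-
"""


def find_cross_origin_api_requests(log_text: str, api_prefix: str = "/api/") -> List[Dict[str, str]]:
    """Return one finding per API request whose Origin host differs from the Host header.

    Severity is "high" for a state-changing method that succeeded (a forged write
    went through) and "medium" for a successful cross-origin read or a rejected
    write (still evidence of an attempt).  Same-origin requests and requests that
    carried no Origin header are not flagged.
    """
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(api_prefix) or m["origin"] == "-":
            continue
        if urlsplit(m["origin"]).netloc == m["host"]:
            continue  # same-origin: the HIM's own UI talking to its own API
        succeeded = m["status"].startswith("2")
        write = m["method"] in STATE_CHANGING
        findings.append({
            "ts": m["ts"], "client": m["client"], "method": m["method"],
            "path": m["path"], "origin": m["origin"], "status": m["status"],
            "severity": "high" if (write and succeeded) else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_cross_origin_api_requests(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['ts']} {f['client']} {f['method']} {f['path']} "
              f"from {f['origin']} -> {f['status']}")
```

Two caveats when turning this into a production detection: browsers omit Origin on same-origin GETs and some navigations, and Referer can be stripped by referrer policy, so a missing Origin is not evidence of a same-origin request. Treat an unexplained burst of API writes from an already-authenticated session as worth a look even when the origin fields are empty.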

🔗 References
