Rockwell Automation Comms - 1783-NATR Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Rockwell Automation Comms - 1783-NATR product, specifically in versions through 1.006. This vulnerability allows a malicious user to inject scripts that could be executed by other users, potentially leading to the modification or unauthorized viewing of sensitive data. The issue arises from inadequate filtering and encoding of special characters, and exploitation requires access to update configuration fields under an admin login.

Impact

Exploitation of this vulnerability could allow for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page.

Remediation

Users can upgrade to version 1.007 or later to address this vulnerability. For those unable to upgrade, Rockwell Automation recommends following their security best practices.