Real Time Automation 460MCBS 5.2.14 Cross Site Scripting

Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023030030

Below is a copy:

Real Time Automation 460MCBS 5.2.14 Cross Site Scripting

Exploit Title:  Real Time Automation 460MCBS Cross Site Scripting (XSS)
Date: 2023-03-09
Exploit Author: Yehia Elghaly
Vendor Homepage: https://www.rtautomation.com/
Software Link: https://www.rtautomation.com/product/460mcbs/
Version: Revision 5.2.14
Tested on: Real Time Automation 
CVE: N/A


Summary: The Real Time Automation  460MCBS moves data between up to 32 Modbus TCP Servers and a BACnet/IP Building Automation System (BAS). Its a perfect tool to tie Modbus TCP power meters, boilers, chillers and other devices into your BACnet/IP Building Automation System

Description: The attacker can able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.: XSS found on when insert a payload after(/)

Payload: ?c12yy<script>alert('XSSYF')</script>p1ax8=1

[Affected Component]
(/)

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.