ICSA-23-040-01 · Published 2023-02-09
Control By Web X-400, X-600M
CVSS 9.1 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to inject malicious JavaScript and execute arbitrary code remotely, which could result in a loss of sensitive information.
CVEs (2)
Remediations
- X-400: Update firmware to v2.8 or later
- X-600M: Update firmware to v1.16.00 or later
- Contact technical support with questions or to obtain the correct firmware version for a specific unit.
- Use a secure administrator password.
- Do not use the default password.
Affected Vendors
Control By Web
Affected Products (2)
- Control By Web X-400: versions < 2.8
- Control By Web X-600M: versions < 1.16.00
Affected Sectors
Multiple Sectors