OTPulse
FeedAboutContact

Real Time Automation 460 Series

Act Now9.4ICS-CERT ICSA-23-264-01Sep 21, 2023
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A cross-site scripting (XSS) vulnerability in the Real Time Automation 460 Series web interface allows unauthenticated attackers to inject malicious JavaScript. When operators or engineers access the web UI, the injected script executes in their browsers, potentially compromising device configuration, stealing session credentials, or enabling further attacks on the control network. The vulnerability affects 460 Series firmware versions prior to 8.9.8.

What this means
What could happen
An attacker could inject malicious JavaScript into the web interface and execute it in the browsers of users accessing the 460 Series device, potentially stealing credentials or session tokens to take control of the device.
Who's at risk
Organizations using Real Time Automation 460 Series devices should care about this vulnerability. These devices are typically used as industrial controllers and gateway devices in water treatment plants, power distribution systems, and manufacturing facilities. Any deployment with a web interface exposed to internal network users is at risk.
How it could be exploited
An attacker with network access to the 460 Series web interface injects malicious JavaScript through an unvalidated input field. When a user (operator or engineer) accesses the web UI, the injected script executes in their browser, allowing the attacker to steal session cookies, force configuration changes, or redirect the user to a credential-harvesting page.
Prerequisites
  • Network access to the 460 Series web interface (port 80 or 443)
  • No authentication required to inject the payload
  • User must view a page containing the injected script
remotely exploitableno authentication requiredlow complexityweb-based XSS attackaffects device configuration and operator access
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
460 Series: < 8.9.8< 8.9.88.9.8
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDRestrict network access to the 460 Series web interface using firewall rules—allow only authorized engineering workstations and operator terminals
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Real Time Automation for a software update and apply it during a scheduled maintenance window
Long-term hardening
0/1
HARDENINGIsolate the 460 Series device on a separate control network, not directly accessible from business networks or the internet
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/5184e577-dd22-4949-b7c7-41854524e318
Real Time Automation 460 Series | CVSS 9.4 - OTPulse