Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
CVE-2023-29030

7.1HIGH

Key Information:

Vendor: Rockwell Automation
Status: ArmorStart ST
Vendor: CVE Published:; 11 May 2023

Summary

A cross site scripting vulnerability has been identified in Rockwell Automation's ArmorStart ST, which could lead to unauthorized access to sensitive data or disrupt the availability of the web interface. This vulnerability necessitates user interaction, such as falling victim to a phishing attack, to exploit successfully. Mitigation measures should be employed promptly to safeguard against potential exploitation.

Affected Version(s)

ArmorStart ST All

References

https://rockwellautomation.custhelp.com/app/answers/answe...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 11, 2023
Vulnerability Reserved
Mar 29, 2023