Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
CVE-2023-29031

7.1HIGH

Key Information:

Vendor: Rockwell Automation
Status: ArmorStart ST
Vendor: CVE Published:; 11 May 2023

Summary

A cross site scripting vulnerability has been identified in Rockwell Automation's ArmorStart ST product. This flaw may allow an attacker to view and manipulate sensitive data, or disrupt the availability of the web interface. Successful exploitation requires user interaction, such as a phishing attack, indicating that social engineering plays a role in the potential risk. Organizations utilizing this product are advised to assess their security measures to mitigate possible threats.

Affected Version(s)

ArmorStart ST All

References

https://rockwellautomation.custhelp.com/app/answers/answe...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 11, 2023
Vulnerability Reserved
Mar 29, 2023