CVE-2023-29026

Published: May 11, 2023Modified: Jan 24, 2025

5.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Exploitability: 1.7 / Impact: 3.7

Source: NVD

Description

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.

Affected (2)

Products: Rockwellautomation: Armorstart St 284ee Firmware, Armorstart St 281e Firmware

Rockwellautomation

2 products

Armorstart St 284ee Firmware

Armorstart St 281e Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Armorstart St 284ee Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Armorstart St 284ee	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Armorstart St 281e Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Armorstart St 281e	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438

Source: PSIRT@rockwellautomation.com

Vendor Advisory

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.