CVE-2023-29022: XSS
First published: Thu May 11 2023(Updated: )
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Armorstart St 284ee Firmware | ||
| Rockwellautomation Armorstart St 284ee | ||
| Rockwellautomation Armorstart St 281e Firmware | ||
| Rockwellautomation Armorstart St 281e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-29022?
The severity of CVE-2023-29022 is medium with a severity value of 5.9.
How can a malicious user exploit CVE-2023-29022?
A malicious user with admin privileges and network access can exploit CVE-2023-29022 to view user data and modify the web interface.
Is Rockwell Automation's ArmorStart ST 284ee firmware vulnerable to CVE-2023-29022?
Yes, Rockwell Automation's ArmorStart ST 284ee firmware is vulnerable to CVE-2023-29022.
Is Rockwell Automation's ArmorStart ST 281e firmware vulnerable to CVE-2023-29022?
Yes, Rockwell Automation's ArmorStart ST 281e firmware is vulnerable to CVE-2023-29022.
Where can I find more information about CVE-2023-29022?
You can find more information about CVE-2023-29022 at the following link: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438