CVE-2023-29022: Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
First published: Thu May 11 2023(Updated: )
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
Credit: PSIRT@rockwellautomation.com PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Armorstart St 284ee Firmware | ||
| Rockwellautomation Armorstart St 284ee | ||
| Rockwellautomation Armorstart St 281e Firmware | ||
| Rockwellautomation Armorstart St 281e | ||
| All of | ||
| Rockwellautomation Armorstart St 284ee Firmware | ||
| Rockwellautomation Armorstart St 284ee | ||
| All of | ||
| Rockwellautomation Armorstart St 281e Firmware | ||
| Rockwellautomation Armorstart St 281e |
Remedy
Customers should disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-29022?
The severity of CVE-2023-29022 is medium with a severity value of 5.9.
How can a malicious user exploit CVE-2023-29022?
A malicious user with admin privileges and network access can exploit CVE-2023-29022 to view user data and modify the web interface.
Is Rockwell Automation's ArmorStart ST 284ee firmware vulnerable to CVE-2023-29022?
Yes, Rockwell Automation's ArmorStart ST 284ee firmware is vulnerable to CVE-2023-29022.
Is Rockwell Automation's ArmorStart ST 281e firmware vulnerable to CVE-2023-29022?
Yes, Rockwell Automation's ArmorStart ST 281e firmware is vulnerable to CVE-2023-29022.
Where can I find more information about CVE-2023-29022?
You can find more information about CVE-2023-29022 at the following link: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/title
- agent/references
- agent/remedy
- agent/description
- agent/source
- agent/author
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/rockwellautomation
- canonical/rockwellautomation armorstart st 284ee firmware
- canonical/rockwellautomation armorstart st 284ee
- canonical/rockwellautomation armorstart st 281e firmware
- canonical/rockwellautomation armorstart st 281e