CVE-2023-29024: XSS
First published: Thu May 11 2023(Updated: )
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
Credit: PSIRT@rockwellautomation.com PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Armorstart St 284ee Firmware | ||
| Rockwellautomation Armorstart St 284ee | ||
| Rockwellautomation Armorstart St 281e Firmware | ||
| Rockwellautomation Armorstart St 281e | ||
| All of | ||
| Rockwellautomation Armorstart St 284ee Firmware | ||
| Rockwellautomation Armorstart St 284ee | ||
| All of | ||
| Rockwellautomation Armorstart St 281e Firmware | ||
| Rockwellautomation Armorstart St 281e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-29024?
The severity of CVE-2023-29024 is medium with a severity value of 6.5.
How does the cross site scripting vulnerability in Rockwell Automation's ArmorStart ST product affect users?
The cross site scripting vulnerability in Rockwell Automation's ArmorStart ST product could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable.
Which versions of Rockwell Automation's ArmorStart ST firmware are affected by CVE-2023-29024?
Rockwell Automation's ArmorStart ST 284ee firmware and ArmorStart ST 281e firmware are affected by CVE-2023-29024.
Is the Rockwell Automation's ArmorStart ST 284ee device vulnerable to CVE-2023-29024?
No, the Rockwell Automation's ArmorStart ST 284ee device is not vulnerable to CVE-2023-29024.
How can I fix the cross site scripting vulnerability in Rockwell Automation's ArmorStart ST product?
To fix the cross site scripting vulnerability in Rockwell Automation's ArmorStart ST product, refer to the vendor's advisory and apply any patches or updates provided.