CVE-2023-29027: XSS
First published: Thu May 11 2023(Updated: )
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Armorstart St 284ee Firmware | ||
| Rockwellautomation Armorstart St 284ee | ||
| Rockwellautomation Armorstart St 281e Firmware | ||
| Rockwellautomation Armorstart St 281e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-29027?
CVE-2023-29027 is a cross site scripting vulnerability discovered in Rockwell Automation's ArmorStart ST product.
How does CVE-2023-29027 impact Rockwell Automation's ArmorStart ST product?
CVE-2023-29027 could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface.
What is the severity of CVE-2023-29027?
CVE-2023-29027 has a severity of medium with a CVSS score of 5.9.
How can a malicious user exploit CVE-2023-29027?
A malicious user can exploit CVE-2023-29027 by injecting malicious scripts into the web interface, potentially causing interruptions.
Is there a fix available for CVE-2023-29027?
It is recommended to apply the latest firmware update provided by Rockwell Automation to mitigate the vulnerability.