CVE-2023-29028: XSS
First published: Thu May 11 2023(Updated: )
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Armorstart St 284ee Firmware | ||
| Rockwellautomation Armorstart St 284ee | ||
| Rockwellautomation Armorstart St 281e Firmware | ||
| Rockwellautomation Armorstart St 281e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-29028?
CVE-2023-29028 is a cross site scripting vulnerability in Rockwell Automation's ArmorStart ST product.
What can a malicious user do with CVE-2023-29028?
A malicious user with admin privileges and network access can view user data and modify the web interface, and potentially cause interruptions.
Which software versions are affected by CVE-2023-29028?
Rockwell Automation's ArmorStart ST 284ee Firmware and ArmorStart ST 281e Firmware are affected.
How severe is CVE-2023-29028?
CVE-2023-29028 has a severity of medium with a CVSS score of 5.9.
How can I fix CVE-2023-29028?
Apply the latest firmware updates provided by Rockwell Automation.