The vulnerability of Rockwell Automation’s distributed controller software ArmorStart ST, related to deficiencies in input data validation by users, allows attackers to execute cross-site scripting (XSS) attacks.

🗓️ 24 May 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Rockwell ArmorStart ST software has input data validation flaws enabling remote cross site scripting.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2023-29024	11 May 202322:20	–	circl
CNNVD	Rockwell Automation ArmorStart ST 跨站脚本漏洞	11 May 202300:00	–	cnnvd
CNVD	Rockwell Automation ArmorStart ST Cross-Site Scripting Vulnerability (CNVD-2023-44291)	15 May 202300:00	–	cnvd
CVE	CVE-2023-29024	11 May 202317:42	–	cve
Cvelist	CVE-2023-29024 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack	11 May 202317:42	–	cvelist
EUVD	EUVD-2023-32629	3 Oct 202520:07	–	euvd
ICS	Rockwell ArmorStart	18 May 202319:01	–	ics
NVD	CVE-2023-29024	11 May 202318:15	–	nvd
Prion	Cross site scripting	11 May 202318:15	–	prion
Positive Technologies	PT-2023-2837 · Rockwell Automation · Rockwell Automation Armorstart St	11 May 202300:00	–	ptsecurity

Source	Link
rockwellautomation	www.rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2023051923
web	www.web.nvd.nist.gov/view/vuln/detail

24 May 2023 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 26.5

CVSS 36.5

EPSS0.0062

Rockwell ArmorStart cross site scripting input data validation remote attack distributed controllers