CVE-2023-29025 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

2023-05-1117:45:59

CWE-79

Rockwell

www.cve.org

rockwell automation

armorstart st

cross-site scripting

vulnerability

user data

web interface

interruptions

cve-2023-29025

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

17.3%

JSON

A cross site scripting vulnerability was discovered in Rockwell Automation’s ArmorStart ST product

that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ArmorStart ST",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "All "
      }
    ]
  }
]