CVE-2023-29023

2023-05-1118:15:13

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

rockwell automation

armorstart st

user interaction

exploitation

vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.3%

JSON

A cross site scripting vulnerability was discovered in Rockwell Automation’s ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.

Affected configurations

Nvd

Node

rockwellautomationarmorstart_st_284eeMatch-

AND

rockwellautomationarmorstart_st_284ee_firmwareMatch-

Node

rockwellautomationarmorstart_st_281eMatch-

AND

rockwellautomationarmorstart_st_281e_firmwareMatch-

VendorProductVersionCPE
rockwellautomationarmorstart_st_284ee-cpe:2.3:h:rockwellautomation:armorstart_st_284ee:-:*:*:*:*:*:*:*
rockwellautomationarmorstart_st_284ee_firmware-cpe:2.3:o:rockwellautomation:armorstart_st_284ee_firmware:-:*:*:*:*:*:*:*
rockwellautomationarmorstart_st_281e-cpe:2.3:h:rockwellautomation:armorstart_st_281e:-:*:*:*:*:*:*:*
rockwellautomationarmorstart_st_281e_firmware-cpe:2.3:o:rockwellautomation:armorstart_st_281e_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rockwellautomation	armorstart_st_284ee	-	cpe:2.3:h:rockwellautomation:armorstart_st_284ee:-:::::::*
rockwellautomation	armorstart_st_284ee_firmware	-	cpe:2.3:o:rockwellautomation:armorstart_st_284ee_firmware:-:::::::*
rockwellautomation	armorstart_st_281e	-	cpe:2.3:h:rockwellautomation:armorstart_st_281e:-:::::::*
rockwellautomation	armorstart_st_281e_firmware	-	cpe:2.3:o:rockwellautomation:armorstart_st_281e_firmware:-:::::::*