CVE-2023-29026 MEDIUM

CVE-2023-29026: Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

Vendor Rockwell Automation

Product ArmorStart ST

Weakness CWE-20 · Input validation

Published May 11, 2023

Last update January 24, 2025

View on NVD All CVEs

CVSS base score

4.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.

Key dates

02Disclosure timeline

May 11, 2023 CVE published

January 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-29026 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

CVE-2023-29026: Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

01Description

02Disclosure timeline

03References

04Related CVE