CVE-2023-29027 MEDIUM

CVE-2023-29027: Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

Vendor Rockwell Automation

Product ArmorStart ST

Weakness CWE-79 · XSS

Published May 11, 2023

Last update January 24, 2025

View on NVD All CVEs

CVSS base score

4.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.

Key dates

02Disclosure timeline

May 11, 2023 CVE published

January 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-29027 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-2470 Cross-site Scripting (XSS) - Reflected in microweber/microweber CVE-2025-13959 Filestack <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2023-34377 WordPress My Content Management Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS) CVE-2025-32613 WordPress Debug Log Manager plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability CVE-2024-13673 Big Boom Directory <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting