CVE-2023-29027

MEDIUM

Rockwell Automation's ArmorStart ST - XSS

Title source: llm

Description

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.

References (1)

Core 1

Core References

Vendor Advisory

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438

Scores

CVSS v3 4.7

EPSS 0.0056

EPSS Percentile 68.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

rockwellautomation/armorstart_st_281e_firmware

rockwellautomation/armorstart_st_284ee_firmware

Published May 11, 2023

Tracked Since Feb 18, 2026