CVE-2023-29030

HIGH

Rockwell Automation's ArmorStart ST - XSS

Title source: llm

Description

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.

References (1)

Core 1

Core References

Vendor Advisory

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438

Scores

CVSS v3 7.0

EPSS 0.0042

EPSS Percentile 62.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-79

Status published

Products (2)

rockwellautomation/armorstart_st_281e_firmware

rockwellautomation/armorstart_st_284ee_firmware

Published May 11, 2023

Tracked Since Feb 18, 2026