CVE-2023-29023

low-risk
Published 2023-05-11

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.

Do I need to act?

-
0.38% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10 High
LOCAL / HIGH complexity

Affected Products (2)

Armorstart St 284Ee Firmware
Armorstart St 281E Firmware

Affected Vendors

Rockwellautomation

References (2)

Vendor Advisory https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438
Vendor Advisory https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low