Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-29024— Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

CVSS 5.5 · Medium EPSS 0.19% · P40
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-29024

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
Source: NVD (National Vulnerability Database)
Vulnerability Description
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rockwell Automation ArmorStart ST 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rockwell Automation ArmorStart ST是美国罗克韦尔(Rockwell Automation)公司的一种用于机旁控制架构的简单而经济实用的解决方案。 Rockwell Automation ArmorStart ST存在安全漏洞,该漏洞源于允许恶意用户查看和修改敏感数据,攻击者利用该漏洞可能会导致网页可用性中断。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Rockwell AutomationArmorStart ST All -

II. Public POCs for CVE-2023-29024

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-29024

登录查看更多情报信息。

Same Patch Batch · Rockwell Automation · 2023-05-11 · 13 CVEs total

CVE-2023-18349.4 CRITICALRockwell Automation Kinetix 5500 Vulnerable to Open Port Exploitation
CVE-2023-24437.5 HIGHRockwell Automation ThinManager 加密问题漏洞
CVE-2023-24447.1 HIGHRockwell Automation FactoryTalk Vantagepoint 跨站请求伪造漏洞
CVE-2023-290237.0 HIGHRockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
CVE-2023-290307.0 HIGHRockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
CVE-2023-290317.0 HIGHRockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
CVE-2023-290224.7 MEDIUMRockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
CVE-2023-290294.7 MEDIUMRockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
CVE-2023-290284.7 MEDIUMRockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
CVE-2023-290274.7 MEDIUMRockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
CVE-2023-290264.7 MEDIUMRockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
CVE-2023-290254.7 MEDIUMRockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

IV. Related Vulnerabilities

Same product: ArmorStart ST
Same vendor: Rockwell Automation
Same weakness: CWE-79

V. Comments for CVE-2023-29024

No comments yet

Leave a comment