CVE-2023-29024

Опубликовано: 11 мая 2023

Источник: nvd

CVSS3: 5.5

CVSS3: 6.5

EPSS Низкий

Описание

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product

A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.

Ссылки

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438
Permissions Required
Vendor Advisory
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438
Permissions Required
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:rockwellautomation:armorstart_st_284ee_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:armorstart_st_284ee:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:rockwellautomation:armorstart_st_281e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:armorstart_st_281e:-:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.0012

Низкий

5.5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-w92v-v6pq-mwmx

CVSS3: 5.5

github

больше 2 лет назад

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.

BDU:2023-02776

CVSS3: 6.5

fstec

больше 2 лет назад

Уязвимость микропрограммного обеспечения распределенных контроллеров Rockwell Automation ArmorStart ST, связанная с недостатками проверки вводимых пользователем данных, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)

EPSS

Процентиль: 31%

0.0012

Низкий

5.5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-79