Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-29022 (GCVE-0-2023-29022)
Vulnerability from cvelistv5 – Published: 2023-05-11 17:51 – Updated: 2025-01-24 16:15
VLAI
EPSS
Title
Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
Summary
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product
that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
Severity
4.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | ArmorStart ST |
Affected:
All
|
Date Public
2023-05-11 14:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T16:15:01.660455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T16:15:52.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ArmorStart ST",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All "
}
]
}
],
"datePublic": "2023-05-11T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA cross site scripting vulnerability was discovered in Rockwell Automation\u0027s ArmorStart ST product \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation\u0027s ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-11T17:51:33.822Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers should disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled."
}
],
"value": "Customers should disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-29022",
"datePublished": "2023-05-11T17:51:33.822Z",
"dateReserved": "2023-03-29T20:07:06.685Z",
"dateUpdated": "2025-01-24T16:15:52.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-29022",
"date": "2026-05-28",
"epss": "0.00402",
"percentile": "0.61048"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:armorstart_st_284ee_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FB61010-9BC0-4A6D-BE43-350415D18374\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:armorstart_st_284ee:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07E85834-78DF-41E2-B86C-899DBE201D67\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:armorstart_st_281e_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E001AA0-C1D7-4ADA-ADD9-4472276FA933\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:armorstart_st_281e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"462A5C89-68EB-471E-B23C-A2FA63EA74F2\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"\\nA cross site scripting vulnerability was discovered in Rockwell Automation\u0027s ArmorStart ST product \\n\\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\\n\\n\\n\\n\"}]",
"id": "CVE-2023-29022",
"lastModified": "2024-11-21T07:56:24.620",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"PSIRT@rockwellautomation.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 4.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 3.7}]}",
"published": "2023-05-11T18:15:13.023",
"references": "[{\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438\", \"source\": \"PSIRT@rockwellautomation.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"PSIRT@rockwellautomation.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-29022\",\"sourceIdentifier\":\"PSIRT@rockwellautomation.com\",\"published\":\"2023-05-11T18:15:13.023\",\"lastModified\":\"2025-01-24T17:15:11.670\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nA cross site scripting vulnerability was discovered in Rockwell Automation\u0027s ArmorStart ST product \\n\\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\\n\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.7,\"impactScore\":3.7},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.7,\"impactScore\":3.7}]},\"weaknesses\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:armorstart_st_284ee_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FB61010-9BC0-4A6D-BE43-350415D18374\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:armorstart_st_284ee:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07E85834-78DF-41E2-B86C-899DBE201D67\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:armorstart_st_281e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E001AA0-C1D7-4ADA-ADD9-4472276FA933\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:armorstart_st_281e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"462A5C89-68EB-471E-B23C-A2FA63EA74F2\"}]}]}],\"references\":[{\"url\":\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438\",\"source\":\"PSIRT@rockwellautomation.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:00:14.779Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-29022\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-24T16:15:01.660455Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-24T16:15:42.640Z\"}}], \"cna\": {\"title\": \"Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-63\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-63 Cross-Site Scripting (XSS)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Rockwell Automation\", \"product\": \"ArmorStart ST\", \"versions\": [{\"status\": \"affected\", \"version\": \"All \"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Customers should disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Customers should disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.\", \"base64\": false}]}], \"datePublic\": \"2023-05-11T14:00:00.000Z\", \"references\": [{\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nA cross site scripting vulnerability was discovered in Rockwell Automation\u0027s ArmorStart ST product \\n\\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA cross site scripting vulnerability was discovered in Rockwell Automation\u0027s ArmorStart ST product \\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ethat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\u003c/span\u003e\\n\\n\u003c/span\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"b73dd486-f505-4403-b634-40b078b177f0\", \"shortName\": \"Rockwell\", \"dateUpdated\": \"2023-05-11T17:51:33.822Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-29022\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-24T16:15:52.659Z\", \"dateReserved\": \"2023-03-29T20:07:06.685Z\", \"assignerOrgId\": \"b73dd486-f505-4403-b634-40b078b177f0\", \"datePublished\": \"2023-05-11T17:51:33.822Z\", \"assignerShortName\": \"Rockwell\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
BDU:2023-03243
Vulnerability from fstec - Published: 11.05.2023
VLAI
Title
Уязвимость микропрограммного обеспечения распределённых контроллеров Rockwell Automation ArmorStart ST, связанная с недостаточной проверкой входных данных, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)
Description
Уязвимость микропрограммного обеспечения распределённых контроллеров Rockwell Automation ArmorStart ST связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, осуществлять межсайтовые сценарные атаки (XSS)
Severity
Vendor
Rockwell Automation Inc.
Software Name
ArmorStart ST 281E, ArmorStart ST 284E
Software Version
- (ArmorStart ST 281E), - (ArmorStart ST 284E)
Possible Mitigations
Компенсирующие меры:
- сегментирование сети с целью ограничения доступа к оборудованию из других подсетей;
- использование VPN для организации удаленного доступа.
Reference
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438
https://www.cybersecurity-help.cz/vdb/SB2023051923
CWE
CWE-20, CWE-79
{
"CVSS 2.0": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Rockwell Automation Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (ArmorStart ST 281E), - (ArmorStart ST 284E)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0441 \u0446\u0435\u043b\u044c\u044e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044e \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u0434\u0441\u0435\u0442\u0435\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 VPN \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.05.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.06.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.06.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-03243",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-29022",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ArmorStart ST 281E, ArmorStart ST 284E",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u044b\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 Rockwell Automation ArmorStart ST, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 (XSS)",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u044b\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 Rockwell Automation ArmorStart ST \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 (XSS)",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438\nhttps://www.cybersecurity-help.cz/vdb/SB2023051923",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,9)"
}
CNVD-2023-44290
Vulnerability from cnvd - Published: 2023-06-05
VLAI
Title
Rockwell Automation ArmorStart ST跨站脚本漏洞(CNVD-2023-44290)
Description
Rockwell Automation ArmorStart ST是美国罗克韦尔(Rockwell Automation)公司的一种用于机旁控制架构的简单而经济实用的解决方案。
Rockwell Automation ArmorStart ST存在跨站脚本漏洞,攻击者可利用该漏洞查看用户数据并修改web界面,导致网页可用性中断。
Severity
中
Patch Name
Rockwell Automation ArmorStart ST跨站脚本漏洞(CNVD-2023-44290)的补丁
Patch Description
Rockwell Automation ArmorStart ST是美国罗克韦尔(Rockwell Automation)公司的一种用于机旁控制架构的简单而经济实用的解决方案。
Rockwell Automation ArmorStart ST存在跨站脚本漏洞,攻击者可利用该漏洞查看用户数据并修改web界面,导致网页可用性中断。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438
Reference
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438
Impacted products
| Name | Rockwell Automation ArmorStart ST |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-29022",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-29022"
}
},
"description": "Rockwell Automation ArmorStart ST\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u79cd\u7528\u4e8e\u673a\u65c1\u63a7\u5236\u67b6\u6784\u7684\u7b80\u5355\u800c\u7ecf\u6d4e\u5b9e\u7528\u7684\u89e3\u51b3\u65b9\u6848\u3002\n\nRockwell Automation ArmorStart ST\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u7528\u6237\u6570\u636e\u5e76\u4fee\u6539web\u754c\u9762\uff0c\u5bfc\u81f4\u7f51\u9875\u53ef\u7528\u6027\u4e2d\u65ad\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-44290",
"openTime": "2023-06-05",
"patchDescription": "Rockwell Automation ArmorStart ST\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u79cd\u7528\u4e8e\u673a\u65c1\u63a7\u5236\u67b6\u6784\u7684\u7b80\u5355\u800c\u7ecf\u6d4e\u5b9e\u7528\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nRockwell Automation ArmorStart ST\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u7528\u6237\u6570\u636e\u5e76\u4fee\u6539web\u754c\u9762\uff0c\u5bfc\u81f4\u7f51\u9875\u53ef\u7528\u6027\u4e2d\u65ad\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Rockwell Automation ArmorStart ST\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2023-44290\uff09\u7684\u8865\u4e01",
"products": {
"product": "Rockwell Automation ArmorStart ST"
},
"referenceLink": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438",
"serverity": "\u4e2d",
"submitTime": "2023-05-15",
"title": "Rockwell Automation ArmorStart ST\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2023-44290\uff09"
}
FKIE_CVE-2023-29022
Vulnerability from fkie_nvd - Published: 2023-05-11 18:15 - Updated: 2025-01-24 17:15
Severity
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
5.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
5.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
5.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
5.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Summary
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product
that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:armorstart_st_284ee_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB61010-9BC0-4A6D-BE43-350415D18374",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:armorstart_st_284ee:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E85834-78DF-41E2-B86C-899DBE201D67",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:armorstart_st_281e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E001AA0-C1D7-4ADA-ADD9-4472276FA933",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:armorstart_st_281e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "462A5C89-68EB-471E-B23C-A2FA63EA74F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation\u0027s ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n"
}
],
"id": "CVE-2023-29022",
"lastModified": "2025-01-24T17:15:11.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-11T18:15:13.023",
"references": [
{
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Vendor Advisory"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438"
}
],
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-V95F-5M3H-QQW7
Vulnerability from github – Published: 2023-05-11 18:30 – Updated: 2024-04-04 04:02
VLAI
Details
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product
that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
Severity
4.7 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-29022"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-11T18:15:13Z",
"severity": "MODERATE"
},
"details": "\nA cross site scripting vulnerability was discovered in Rockwell Automation\u0027s ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n",
"id": "GHSA-v95f-5m3h-qqw7",
"modified": "2024-04-04T04:02:42Z",
"published": "2023-05-11T18:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29022"
},
{
"type": "WEB",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GSD-2023-29022
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product
that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-29022",
"id": "GSD-2023-29022"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-29022"
],
"details": "\nA cross site scripting vulnerability was discovered in Rockwell Automation\u0027s ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n",
"id": "GSD-2023-29022",
"modified": "2023-12-13T01:20:57.298989Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@rockwellautomation.com",
"ID": "CVE-2023-29022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArmorStart ST",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All "
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation\u0027s ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-79",
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438",
"refsource": "MISC",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438"
}
]
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers should disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled."
}
],
"value": "Customers should disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled."
}
],
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:armorstart_st_284ee_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:armorstart_st_284ee:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:armorstart_st_281e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:armorstart_st_281e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@rockwellautomation.com",
"ID": "CVE-2023-29022"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation\u0027s ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
},
"lastModifiedDate": "2023-05-15T17:43Z",
"publishedDate": "2023-05-11T18:15Z"
}
}
}
ICSA-23-136-02
Vulnerability from csaf_cisa - Published: 2023-05-18 19:01 - Updated: 2023-05-18 19:01Summary
Rockwell ArmorStart
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow a malicious user to view and modify sensitive data or make the web page unavailable.
Critical infrastructure sectors: Critical Manufacturer
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this (these) vulnerability(ies). Specifically, users should:
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices: Do not click web links or open attachments in unsolicited email messages.
Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
Recommended Practices: No known public exploits specifically target these vulnerabilities.
7.0 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ArmorStart ST281E: >= 2.004.06
Rockwell Automation / ArmorStart ST281E
|
>= 2.004.06 |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST284E: *
Rockwell Automation / ArmorStart ST284E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST280E: *
Rockwell Automation / ArmorStart ST280E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
7.0 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ArmorStart ST281E: >= 2.004.06
Rockwell Automation / ArmorStart ST281E
|
>= 2.004.06 |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST284E: *
Rockwell Automation / ArmorStart ST284E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST280E: *
Rockwell Automation / ArmorStart ST280E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
7.0 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ArmorStart ST281E: >= 2.004.06
Rockwell Automation / ArmorStart ST281E
|
>= 2.004.06 |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST284E: *
Rockwell Automation / ArmorStart ST284E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST280E: *
Rockwell Automation / ArmorStart ST280E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ArmorStart ST281E: >= 2.004.06
Rockwell Automation / ArmorStart ST281E
|
>= 2.004.06 |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST284E: *
Rockwell Automation / ArmorStart ST284E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST280E: *
Rockwell Automation / ArmorStart ST280E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
4.7 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ArmorStart ST281E: >= 2.004.06
Rockwell Automation / ArmorStart ST281E
|
>= 2.004.06 |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST284E: *
Rockwell Automation / ArmorStart ST284E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST280E: *
Rockwell Automation / ArmorStart ST280E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
4.7 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ArmorStart ST281E: >= 2.004.06
Rockwell Automation / ArmorStart ST281E
|
>= 2.004.06 |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST284E: *
Rockwell Automation / ArmorStart ST284E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST280E: *
Rockwell Automation / ArmorStart ST280E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
4.7 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ArmorStart ST281E: >= 2.004.06
Rockwell Automation / ArmorStart ST281E
|
>= 2.004.06 |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST284E: *
Rockwell Automation / ArmorStart ST284E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST280E: *
Rockwell Automation / ArmorStart ST280E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
4.7 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ArmorStart ST281E: >= 2.004.06
Rockwell Automation / ArmorStart ST281E
|
>= 2.004.06 |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST284E: *
Rockwell Automation / ArmorStart ST284E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST280E: *
Rockwell Automation / ArmorStart ST280E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
4.7 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ArmorStart ST281E: >= 2.004.06
Rockwell Automation / ArmorStart ST281E
|
>= 2.004.06 |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST284E: *
Rockwell Automation / ArmorStart ST284E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST280E: *
Rockwell Automation / ArmorStart ST280E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
4.7 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ArmorStart ST281E: >= 2.004.06
Rockwell Automation / ArmorStart ST281E
|
>= 2.004.06 |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST284E: *
Rockwell Automation / ArmorStart ST284E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
|
|
ArmorStart ST280E: *
Rockwell Automation / ArmorStart ST280E
|
vers:all/* |
Vendor Fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
|
References
19 references
Acknowledgments
Rockwell Automation
{
"document": {
"acknowledgments": [
{
"organization": "Rockwell Automation",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow a malicious user to view and modify sensitive data or make the web page unavailable.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturer",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this (these) vulnerability(ies). Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-23-136-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-136-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-136-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/Recommended-Practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://cisa.gov/ics"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
}
],
"title": "Rockwell ArmorStart",
"tracking": {
"current_release_date": "2023-05-18T19:01:59.428226Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-23-136-02",
"initial_release_date": "2023-05-18T19:01:59.428226Z",
"revision_history": [
{
"date": "2023-05-18T19:01:59.428226Z",
"legacy_version": "1",
"number": "1",
"summary": "CSAF Creation Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 2.004.06",
"product": {
"name": "ArmorStart ST281E: \u003e= 2.004.06",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "ArmorStart ST281E"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ArmorStart ST284E: *",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "ArmorStart ST284E"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ArmorStart ST280E: *",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "ArmorStart ST280E"
}
],
"category": "vendor",
"name": "Rockwell Automation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29031",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29031"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Rockwell Automation recommends users take the following measures to mitigate the risk of these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "For information on how to mitigate security risks on industrial automation control systems (IACS) networks see the following publications:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "System Security Design Guidelines Reference Manual publication, SECURE-RM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://manuals.plus/m/034dd41130c94a4265d75b89b1ae8c6cca6223ea538a03c3dd7660487fb74a8a"
},
{
"category": "vendor_fix",
"details": "Configure System Security Features User Manual, SECURE-UM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://pdf4pro.com/view/configure-system-security-features-user-manual-5f8cd0.html"
},
{
"category": "vendor_fix",
"details": "Additionally, Rockwell Automation encourages customers to implement their suggested Security Best Practices to minimize the risk of the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2023-29030",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29030"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Rockwell Automation recommends users take the following measures to mitigate the risk of these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "For information on how to mitigate security risks on industrial automation control systems (IACS) networks see the following publications:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "System Security Design Guidelines Reference Manual publication, SECURE-RM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://manuals.plus/m/034dd41130c94a4265d75b89b1ae8c6cca6223ea538a03c3dd7660487fb74a8a"
},
{
"category": "vendor_fix",
"details": "Configure System Security Features User Manual, SECURE-UM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://pdf4pro.com/view/configure-system-security-features-user-manual-5f8cd0.html"
},
{
"category": "vendor_fix",
"details": "Additionally, Rockwell Automation encourages customers to implement their suggested Security Best Practices to minimize the risk of the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2023-29023",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29023"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Rockwell Automation recommends users take the following measures to mitigate the risk of these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "For information on how to mitigate security risks on industrial automation control systems (IACS) networks see the following publications:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "System Security Design Guidelines Reference Manual publication, SECURE-RM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://manuals.plus/m/034dd41130c94a4265d75b89b1ae8c6cca6223ea538a03c3dd7660487fb74a8a"
},
{
"category": "vendor_fix",
"details": "Configure System Security Features User Manual, SECURE-UM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://pdf4pro.com/view/configure-system-security-features-user-manual-5f8cd0.html"
},
{
"category": "vendor_fix",
"details": "Additionally, Rockwell Automation encourages customers to implement their suggested Security Best Practices to minimize the risk of the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2023-29024",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29024"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Rockwell Automation recommends users take the following measures to mitigate the risk of these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "For information on how to mitigate security risks on industrial automation control systems (IACS) networks see the following publications:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "System Security Design Guidelines Reference Manual publication, SECURE-RM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://manuals.plus/m/034dd41130c94a4265d75b89b1ae8c6cca6223ea538a03c3dd7660487fb74a8a"
},
{
"category": "vendor_fix",
"details": "Configure System Security Features User Manual, SECURE-UM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://pdf4pro.com/view/configure-system-security-features-user-manual-5f8cd0.html"
},
{
"category": "vendor_fix",
"details": "Additionally, Rockwell Automation encourages customers to implement their suggested Security Best Practices to minimize the risk of the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2023-29025",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A cross site scripting vulnerability was discovered that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29025"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Rockwell Automation recommends users take the following measures to mitigate the risk of these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "For information on how to mitigate security risks on industrial automation control systems (IACS) networks see the following publications:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "System Security Design Guidelines Reference Manual publication, SECURE-RM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://manuals.plus/m/034dd41130c94a4265d75b89b1ae8c6cca6223ea538a03c3dd7660487fb74a8a"
},
{
"category": "vendor_fix",
"details": "Configure System Security Features User Manual, SECURE-UM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://pdf4pro.com/view/configure-system-security-features-user-manual-5f8cd0.html"
},
{
"category": "vendor_fix",
"details": "Additionally, Rockwell Automation encourages customers to implement their suggested Security Best Practices to minimize the risk of the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2023-29026",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A cross site scripting vulnerability was discovered that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29026"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Rockwell Automation recommends users take the following measures to mitigate the risk of these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "For information on how to mitigate security risks on industrial automation control systems (IACS) networks see the following publications:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "System Security Design Guidelines Reference Manual publication, SECURE-RM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://manuals.plus/m/034dd41130c94a4265d75b89b1ae8c6cca6223ea538a03c3dd7660487fb74a8a"
},
{
"category": "vendor_fix",
"details": "Configure System Security Features User Manual, SECURE-UM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://pdf4pro.com/view/configure-system-security-features-user-manual-5f8cd0.html"
},
{
"category": "vendor_fix",
"details": "Additionally, Rockwell Automation encourages customers to implement their suggested Security Best Practices to minimize the risk of the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2023-29027",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A cross site scripting vulnerability was discovered that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29027"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Rockwell Automation recommends users take the following measures to mitigate the risk of these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "For information on how to mitigate security risks on industrial automation control systems (IACS) networks see the following publications:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "System Security Design Guidelines Reference Manual publication, SECURE-RM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://manuals.plus/m/034dd41130c94a4265d75b89b1ae8c6cca6223ea538a03c3dd7660487fb74a8a"
},
{
"category": "vendor_fix",
"details": "Configure System Security Features User Manual, SECURE-UM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://pdf4pro.com/view/configure-system-security-features-user-manual-5f8cd0.html"
},
{
"category": "vendor_fix",
"details": "Additionally, Rockwell Automation encourages customers to implement their suggested Security Best Practices to minimize the risk of the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2023-29028",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A cross site scripting vulnerability was discovered that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29028"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Rockwell Automation recommends users take the following measures to mitigate the risk of these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "For information on how to mitigate security risks on industrial automation control systems (IACS) networks see the following publications:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "System Security Design Guidelines Reference Manual publication, SECURE-RM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://manuals.plus/m/034dd41130c94a4265d75b89b1ae8c6cca6223ea538a03c3dd7660487fb74a8a"
},
{
"category": "vendor_fix",
"details": "Configure System Security Features User Manual, SECURE-UM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://pdf4pro.com/view/configure-system-security-features-user-manual-5f8cd0.html"
},
{
"category": "vendor_fix",
"details": "Additionally, Rockwell Automation encourages customers to implement their suggested Security Best Practices to minimize the risk of the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2023-29029",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A cross site scripting vulnerability was discovered that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29029"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Rockwell Automation recommends users take the following measures to mitigate the risk of these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "For information on how to mitigate security risks on industrial automation control systems (IACS) networks see the following publications:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "System Security Design Guidelines Reference Manual publication, SECURE-RM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://manuals.plus/m/034dd41130c94a4265d75b89b1ae8c6cca6223ea538a03c3dd7660487fb74a8a"
},
{
"category": "vendor_fix",
"details": "Configure System Security Features User Manual, SECURE-UM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://pdf4pro.com/view/configure-system-security-features-user-manual-5f8cd0.html"
},
{
"category": "vendor_fix",
"details": "Additionally, Rockwell Automation encourages customers to implement their suggested Security Best Practices to minimize the risk of the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2023-29022",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A cross site scripting vulnerability was discovered that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29022"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Rockwell Automation recommends users take the following measures to mitigate the risk of these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "For information on how to mitigate security risks on industrial automation control systems (IACS) networks see the following publications:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "System Security Design Guidelines Reference Manual publication, SECURE-RM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://manuals.plus/m/034dd41130c94a4265d75b89b1ae8c6cca6223ea538a03c3dd7660487fb74a8a"
},
{
"category": "vendor_fix",
"details": "Configure System Security Features User Manual, SECURE-UM001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://pdf4pro.com/view/configure-system-security-features-user-manual-5f8cd0.html"
},
{
"category": "vendor_fix",
"details": "Additionally, Rockwell Automation encourages customers to implement their suggested Security Best Practices to minimize the risk of the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…