CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29027 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29027
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29026 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29026
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29025 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29025
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29024 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29024
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29023 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29023
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29030 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29030
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29031 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29031
11 May 2023 — A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29462 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29462
09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is req... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29461 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29461
09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is req... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29460 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29460
09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to expl... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-125: Out-of-bounds Read •