CVE-2023-29024 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29024
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-29023 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29023
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-29030 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29030
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-29031 – Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
https://notcve.org/view.php?id=CVE-2023-29031
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-29462 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29462
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-10 • CWE-787: Out-of-bounds Write •