Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
Description
A cross-site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An XSS vulnerability in Rockwell Automation ArmorStart ST allows an admin attacker to view user data, modify the web interface, and disrupt availability.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in Rockwell Automation's ArmorStart ST product (models 281E and 284EE) [1]. The flaw enables a malicious user with administrator privileges and network access to inject malicious scripts into the web interface [1]. The exact affected firmware versions are not detailed in the available references, but the advisory covers these product lines [1].
Exploitation
An attacker must have administrator-level credentials and network connectivity to the ArmorStart ST device [1]. With these prerequisites, the attacker can inject a crafted payload into the web application through an input field or parameter that is not properly sanitized [1]. No user interaction is required beyond the attacker's own admin session [1].
Impact
Successful exploitation allows the attacker to view sensitive user data, modify the appearance or content of the web interface, and potentially cause interruptions to the availability of the web page [1]. According to the advisory, the impact is limited to the scope of the web interface and does not extend to control logic or field device operations [1].
Mitigation
Rockwell Automation has released a security advisory (publication ID 1139438) addressing this vulnerability [1]. Users should review the advisory, apply any recommended firmware updates or configuration changes, and restrict administrative access to trusted networks. If no patch is explicitly listed in the advisory, users should contact Rockwell Automation support for remediation guidance [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.