VYPR
Unrated severity · NVD Advisory · Published May 11, 2023 · Updated Jan 24, 2025

Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

CVE-2023-29026

Description

A cross-site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS in Rockwell Automation ArmorStart ST allows admins with network access to view user data, modify the web interface, or disrupt availability.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in Rockwell Automation's ArmorStart ST product (281E, 284EE). The flaw allows a malicious user with admin privileges and network access to inject arbitrary web scripts or HTML, leading to unauthorized viewing of user data and modification of the web interface [1]. The official description does not specify exact firmware versions, but affected devices should be assumed to include the listed product lines.

Exploitation

An attacker must possess valid administrator credentials for the ArmorStart ST device and have network connectivity to it. With these prerequisites, the attacker can craft and deliver a malicious script via a vulnerable input field or parameter; the script is then stored or reflected in the web interface, executing in the context of other users' browsers when the page is accessed [1].

Impact

Successful exploitation permits the attacker to view sensitive user data displayed within the web interface, modify the appearance or content of web pages, and potentially cause interruptions to the availability of those pages. The privilege level required is admin; the compromise is limited to the web interface layer of the affected device [1].

Mitigation

Rockwell Automation has not yet publicly disclosed a fixed version or release date in the available reference. Users should apply the principle of least privilege to administrator accounts, restrict network access to the device's web interface to trusted users only, and monitor the vendor's advisory (linked in [1]) for forthcoming patches.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0 (no linked articles in our index yet)