Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
Description
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product
that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting vulnerability in Rockwell Automation ArmorStart ST allows admin users with network access to view data, modify interface, and cause availability interruptions.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in Rockwell Automation's ArmorStart ST product [1]. The flaw requires administrative privileges and network access to exploit. Affected versions are not explicitly stated in the description; consult the vendor advisory [1] for version details.
Exploitation
An attacker with admin privileges and network access can inject malicious scripts into the web interface. The exact steps are not detailed, but the vulnerability enables viewing user data and modifying the interface.
Impact
Successful exploitation could lead to unauthorized viewing of user data, modification of the web interface, and potential denial-of-service interruptions to the web page availability.
Mitigation
Rockwell Automation has not provided a concrete fix or workaround in the available reference [1]. Users should monitor the vendor advisory for updates. No patch date is specified.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: All
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.