VYPR
Unrated severity · NVD Advisory · Published May 11, 2023 · Updated Jan 24, 2025

Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

CVE-2023-29028

Description

A cross-site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A cross-site scripting vulnerability in Rockwell Automation ArmorStart ST allows authenticated admin users to view data, modify the interface, and cause a denial of service.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in Rockwell Automation's ArmorStart ST product, specifically in models 281E and 284EE. The flaw allows a malicious user with admin privileges and network access to inject malicious scripts into the web interface. The affected versions are those prior to the firmware update referenced in the vendor advisory [1].

Exploitation

An attacker must have administrative privileges and network access to the ArmorStart ST device. The attacker can then craft a malicious payload that, when processed by the web interface, executes in the context of other users' sessions. No user interaction beyond normal browsing is required for the injected script to run.

Impact

Successful exploitation enables the attacker to view sensitive user data, modify the web interface content, and potentially cause interruptions to the availability of the web page. The attacker gains the ability to perform actions within the context of the affected web application, leading to information disclosure and partial compromise of the device's management interface.

Mitigation

Rockwell Automation has released a security advisory [1] detailing the vulnerability and providing firmware updates to address the issue. Users should update their ArmorStart ST devices to the latest firmware version as specified in the advisory. No workarounds are documented; applying the patch is the recommended mitigation.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
