Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
Description
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product
that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting vulnerability in Rockwell Automation ArmorStart ST allows admin users with network access to view/modify data or cause denial of service.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in Rockwell Automation's ArmorStart ST product (models 281E and 284EE) [1]. The vulnerability requires an attacker to have admin privileges and network access to the affected device.
Exploitation
An authenticated attacker with admin privileges can exploit the XSS vulnerability by injecting malicious scripts into the web interface. The attacker must have network access to the product's web server [1].
Impact
Successful exploitation could allow the attacker to view sensitive user data, modify the web interface content, or cause interruptions to the availability of the web page [1]. The exact impact scope is limited by the privileges of the admin account used.
Mitigation
No mitigation details have been disclosed in the available references [1]. Users should monitor Rockwell Automation's advisory for updates.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: All
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.