ICSA-23-136-02  ·  Published 2023-05-18

Rockwell ArmorStart

CVSS 7.0 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow a malicious user to view and modify sensitive data or make the web page unavailable.

Remediations

Rockwell Automation recommends users take the following measures to mitigate the risk of these vulnerabilities:

  • Disable the webserver during normal use. The webserver is disabled by default and should only be enabled to modify configurations. After modifying configurations, the web server should be disabled.
  • For information on how to mitigate security risks on industrial automation control systems (IACS) networks see the following publications:
      • System Security Design Guidelines Reference Manual publication, SECURE-RM001
      • Configure System Security Features User Manual, SECURE-UM001
  • Additionally, Rockwell Automation encourages customers to implement their suggested Security Best Practices to minimize the risk of the vulnerabilities.

Affected Vendors

Rockwell Automation

Affected Products (3)

Rockwell Automation · ArmorStart ST281E >= 2.004.06
Rockwell Automation · ArmorStart ST284E vers:all/*
Rockwell Automation · ArmorStart ST280E vers:all/*

Affected Sectors

Critical Manufacturing
