Filtered by vendor Rockwellautomation Subscriptions
Total 290 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-0473 1 Rockwellautomation 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge 2024-11-21 N/A
Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2009-0472 1 Rockwellautomation 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2024-10945 1 Rockwellautomation 1 Factorytalk Updater 2024-11-13 7.3 High
A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low privileged threat actor to replace certain files during update and exists due to a failure to perform proper security checks before installation.
CVE-2024-10944 1 Rockwellautomation 1 Factorytalk Updater 2024-11-13 8.4 High
A Remote Code Execution vulnerability exists in the affected product. The vulnerability requires a high level of permissions and exists due to improper input validation resulting in the possibility of a malicious Updated Agent being deployed.
CVE-2024-10943 1 Rockwellautomation 1 Factorytalk Updater 2024-11-13 9.1 Critical
An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.
CVE-2024-37365 1 Rockwellautomation 1 Factorytalk View Machine Edition 2024-11-12 7.3 High
A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code.
CVE-2024-10386 1 Rockwellautomation 1 Thinmanager 2024-11-05 9.8 Critical
CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.
CVE-2024-10387 1 Rockwellautomation 1 Thinmanager 2024-11-05 7.5 High
CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.
CVE-2024-6207 1 Rockwellautomation 18 Compact Guardlogix 5380 Sil2 Firmware, Compact Guardlogix 5380 Sil3 Firmware, Compact Guardlogix 5380 Sil 2 and 15 more 2024-10-21 7.5 High
CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running.
CVE-2024-7847 1 Rockwellautomation 4 Rslogix 5, Rslogix 500, Rslogix Micro Developer and 1 more 2024-10-15 7.7 High
VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. Connected devices may also be impacted by exploitation of this vulnerability.
CVE-2024-8626 1 Rockwellautomation 5 1756-en4tr Firmware, Compact Guardlogix 5380 Firmware, Compactlogix 5380 Firmware and 2 more 2024-10-10 N/A
Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.
CVE-2024-9412 1 Rockwellautomation 1 Verve Asset Manager 2024-10-10 N/A
An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.
CVE-2024-6436 1 Rockwellautomation 1 Sequencemanager 2024-10-03 N/A
An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences, however the equipment sequence would continue to execute uninterrupted.
CVE-2024-45823 1 Rockwellautomation 1 Factorytalk Batch View 2024-10-02 8.1 High
CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.
CVE-2024-45825 1 Rockwellautomation 2 5015-u8ihft, 5015-u8ihft Firmware 2024-10-02 7.5 High
CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.
CVE-2024-45826 1 Rockwellautomation 1 Thinmanager 2024-10-02 6.8 Medium
CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.
CVE-2024-6077 1 Rockwellautomation 18 1756-en4, 1756-en4 Firmware, Compact Guardlogix 5380 Sil2 Firmware and 15 more 2024-09-19 7.5 High
A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.
CVE-2024-8533 1 Rockwellautomation 6 2800c Optixpanel Compact, 2800c Optixpanel Compact Firmware, 2800s Optixpanel Standard and 3 more 2024-09-19 8.8 High
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.
CVE-2024-7960 1 Rockwellautomation 1 Pavilion8 2024-09-19 9.1 Critical
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.
CVE-2024-7961 1 Rockwellautomation 1 Pavilion8 2024-09-19 9.8 Critical
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.