Filtered by vendor Rockwellautomation
Subscriptions
Total
290 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-45824 | 1 Rockwellautomation | 1 Factorytalk View | 2024-09-12 | 9.8 Critical |
CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue. | ||||
CVE-2024-7988 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-08-26 | 9.8 Critical |
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten. | ||||
CVE-2024-7987 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-08-26 | N/A |
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to upload arbitrary files. | ||||
CVE-2024-6079 | 1 Rockwellautomation | 1 Emulate3d | 2024-08-21 | N/A |
A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. The application loads shared libraries, which are readable and writable by any user. If exploited, a malicious user could leverage a malicious dll and perform a remote code execution attack. | ||||
CVE-2024-6078 | 1 Rockwellautomation | 1 Datamosaix | 2024-08-19 | N/A |
CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or password. If exploited, a malicious user could take over the account of a legitimate user. The malicious user would be able to view and modify data stored in the cloud. | ||||
CVE-2024-40619 | 1 Rockwellautomation | 2 Controllogix 5580 Firmware, Guardlogix 5580 Firmware | 2024-08-19 | N/A |
CVE-2024-40619 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service. | ||||
CVE-2024-7507 | 1 Rockwellautomation | 5 Compact Guardlogix 5380 Firmware, Compactlogix 5480 Firmware, Controllogix 5380 Firmware and 2 more | 2024-08-15 | N/A |
CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller. | ||||
CVE-2024-7513 | 1 Rockwellautomation | 1 Factorytalk View | 2024-08-15 | N/A |
CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions. | ||||
CVE-2024-7515 | 1 Rockwellautomation | 5 Compact Guardlogix 5380 Firmware, Compactlogix 5380 Firmware, Compactlogix 5480 Firmware and 2 more | 2024-08-15 | N/A |
CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller. | ||||
CVE-2024-7567 | 1 Rockwellautomation | 2 Micro850 Firmware, Micro870 Firmware | 2024-08-14 | N/A |
A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration. |