Filtered by vendor Rockwellautomation
Subscriptions
Total
290 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-11158 | 1 Rockwellautomation | 1 Arena | 2024-12-06 | 6.7 Medium |
An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | ||||
CVE-2018-0163 | 2 Cisco, Rockwellautomation | 96 1120 Connected Grid Router, 1240 Connected Grid Router, 1905 Serial Integrated Services Router and 93 more | 2024-12-02 | 6.5 Medium |
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701. | ||||
CVE-2024-9124 | 1 Rockwellautomation | 1 Powerflex 600t | 2024-11-21 | N/A |
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests. | ||||
CVE-2024-6326 | 1 Rockwellautomation | 2 Factorytalk Policy Manager, Factorytalk System Services | 2024-11-21 | 5.5 Medium |
An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network. | ||||
CVE-2024-6325 | 1 Rockwellautomation | 1 Factorytalk Policy Manager | 2024-11-21 | 6.5 Medium |
The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html | ||||
CVE-2024-6089 | 1 Rockwellautomation | 2 5015-aenftxt, 5015-aenftxt Firmware | 2024-11-21 | 7.5 High |
An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product. | ||||
CVE-2024-5990 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2024-11-21 | 7.5 High |
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. | ||||
CVE-2024-5989 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2024-11-21 | 9.8 Critical |
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | ||||
CVE-2024-5988 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2024-11-21 | 9.8 Critical |
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | ||||
CVE-2024-37369 | 1 Rockwellautomation | 1 Factorytalk View | 2024-11-21 | N/A |
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. | ||||
CVE-2024-37368 | 1 Rockwellautomation | 1 Factorytalk View | 2024-11-21 | N/A |
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification. | ||||
CVE-2024-37367 | 1 Rockwellautomation | 1 Factorytalk View | 2024-11-21 | 7.5 High |
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification. | ||||
CVE-2024-21917 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2024-11-21 | 9.8 Critical |
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication. | ||||
CVE-2024-21916 | 1 Rockwellautomation | 6 Controllogix 5570 Controller, Controllogix 5570 Controller Firmware, Controllogix 5570 Redundant Controller and 3 more | 2024-11-21 | 8.6 High |
A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF. | ||||
CVE-2023-5909 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more | 2024-11-21 | 7.5 High |
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | ||||
CVE-2023-5908 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more | 2024-11-21 | 9.1 Critical |
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. | ||||
CVE-2023-46290 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2024-11-21 | 8.1 High |
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service. | ||||
CVE-2023-46289 | 1 Rockwellautomation | 1 Factorytalk View | 2024-11-21 | 7.5 High |
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition. | ||||
CVE-2023-3596 | 1 Rockwellautomation | 6 1756-en4tr, 1756-en4tr Firmware, 1756-en4trk and 3 more | 2024-11-21 | 7.5 High |
Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages. | ||||
CVE-2023-3595 | 1 Rockwellautomation | 24 1756-en2f Series A, 1756-en2f Series A Firmware, 1756-en2f Series B and 21 more | 2024-11-21 | 9.8 Critical |
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device. |