Filtered by vendor Rockwellautomation Subscriptions
Total 290 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-29029 1 Rockwellautomation 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more 2024-11-21 4.7 Medium
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
CVE-2023-29028 1 Rockwellautomation 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more 2024-11-21 4.7 Medium
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
CVE-2023-29027 1 Rockwellautomation 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more 2024-11-21 4.7 Medium
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
CVE-2023-29026 1 Rockwellautomation 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more 2024-11-21 4.7 Medium
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
CVE-2023-29025 1 Rockwellautomation 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more 2024-11-21 4.7 Medium
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
CVE-2023-29024 1 Rockwellautomation 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more 2024-11-21 5.5 Medium
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
CVE-2023-29023 1 Rockwellautomation 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more 2024-11-21 7 High
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
CVE-2023-29022 1 Rockwellautomation 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more 2024-11-21 4.7 Medium
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
CVE-2023-27857 1 Rockwellautomation 1 Thinmanager 2024-11-21 7.5 High
In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer.  An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.
CVE-2023-27856 1 Rockwellautomation 1 Thinmanager 2024-11-21 7.5 High
In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.
CVE-2023-27855 1 Rockwellautomation 1 Thinmanager 2024-11-21 9.8 Critical
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.
CVE-2023-1834 1 Rockwellautomation 2 Kinetix 5500, Kinetix 5500 Firmware 2024-11-21 9.4 Critical
Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default.  This could potentially allow attackers unauthorized access to the device through the open ports.
CVE-2023-0755 3 Ge, Ptc, Rockwellautomation 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more 2024-11-21 9.8 Critical
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
CVE-2023-0754 3 Ge, Ptc, Rockwellautomation 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more 2024-11-21 9.8 Critical
The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to crash the server and remotely execute arbitrary code.
CVE-2023-0027 1 Rockwellautomation 1 Modbus Tcp Server Add On Instructions 2024-11-21 5.3 Medium
Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device’s Modbus TCP Server AOI information.
CVE-2022-46670 1 Rockwellautomation 10 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 7 more 2024-11-21 7.1 High
Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution.  The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.
CVE-2022-3752 1 Rockwellautomation 10 Compact Guardlogix 5380, Compact Guardlogix 5380 Firmware, Compactlogix 5380 and 7 more 2024-11-21 8.6 High
An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.
CVE-2022-3166 1 Rockwellautomation 4 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 1 more 2024-11-21 7.5 High
Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device
CVE-2022-3158 1 Rockwellautomation 1 Factorytalk Vantagepoint 2024-11-21 8.8 High
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.
CVE-2022-3157 1 Rockwellautomation 12 Compact Guardlogix 5370, Compact Guardlogix 5370 Firmware, Compact Guardlogix 5380 and 9 more 2024-11-21 8.6 High
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).