Filtered by vendor Rockwellautomation
Subscribe
Total
301 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9343 | 1 Rockwellautomation | 32 1768 Compact Guardlogix L4xs Controller, 1768 Compact Guardlogix L4xs Controller Firmware, 1768 Compactlogix L4x Controller and 29 more | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
| An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service. | |||||
| CVE-2024-11158 | 1 Rockwellautomation | 1 Arena | 2025-04-18 | N/A | 6.7 MEDIUM |
| An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2020-14504 | 1 Rockwellautomation | 4 1734-aentr Point I\/o Dual Port Network Adaptor Series B, 1734-aentr Point I\/o Dual Port Network Adaptor Series B Firmware, 1734-aentr Point I\/o Dual Port Network Adaptor Series C and 1 more | 2025-04-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings. | |||||
| CVE-2020-14502 | 1 Rockwellautomation | 4 1734-aentr Point I\/o Dual Port Network Adaptor Series B, 1734-aentr Point I\/o Dual Port Network Adaptor Series B Firmware, 1734-aentr Point I\/o Dual Port Network Adaptor Series C and 1 more | 2025-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface. | |||||
| CVE-2020-14481 | 1 Rockwellautomation | 1 Factorytalk View | 2025-04-17 | 2.1 LOW | 7.8 HIGH |
| The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. | |||||
| CVE-2020-14480 | 1 Rockwellautomation | 1 Factorytalk View | 2025-04-17 | 2.1 LOW | 5.5 MEDIUM |
| Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials. | |||||
| CVE-2020-14478 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2025-04-17 | 5.6 MEDIUM | 7.1 HIGH |
| A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services. | |||||
| CVE-2021-32960 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2025-04-17 | 6.0 MEDIUM | 8.5 HIGH |
| Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine. | |||||
| CVE-2020-6998 | 1 Rockwellautomation | 18 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compact Guardlogix 5370 and 15 more | 2025-04-17 | N/A | 5.8 MEDIUM |
| The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products. | |||||
| CVE-2024-11155 | 1 Rockwellautomation | 1 Arena | 2025-04-14 | N/A | 7.8 HIGH |
| A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2016-5645 | 1 Rockwellautomation | 6 1766-l32awa, 1766-l32awaa, 1766-l32bwa and 3 more | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community. | |||||
| CVE-2014-5410 | 1 Rockwellautomation | 1 Ab Micrologix Controller | 2025-04-12 | 7.1 HIGH | N/A |
| The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line. | |||||
| CVE-2015-6486 | 1 Rockwellautomation | 2 Micrologix 1100 Firmware, Micrologix 1400 Firmware | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-2279 | 1 Rockwellautomation | 46 Compactlogix 1756-en2f Series A, Compactlogix 1756-en2f Series A Firmware, Compactlogix 1756-en2f Series B and 43 more | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1010 | 1 Rockwellautomation | 1 Rsview32 | 2025-04-12 | 4.9 MEDIUM | N/A |
| Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack. | |||||
| CVE-2016-0868 | 1 Rockwellautomation | 9 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 6 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request. | |||||
| CVE-2015-6491 | 1 Rockwellautomation | 2 Micrologix 1100 Firmware, Micrologix 1400 Firmware | 2025-04-12 | 4.0 MEDIUM | N/A |
| Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. | |||||
| CVE-2014-9209 | 1 Rockwellautomation | 2 Factorytalk Services Platform, Factorytalk View Studio | 2025-04-12 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2016-2277 | 1 Rockwellautomation | 1 Integrated Architecture Builder | 2025-04-12 | 6.9 MEDIUM | 6.3 MEDIUM |
| IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file. | |||||
| CVE-2016-5814 | 1 Rockwellautomation | 5 Rslogix 500 Professional Edition, Rslogix 500 Standard Edition, Rslogix 500 Starter Edition and 2 more | 2025-04-12 | 9.3 HIGH | 8.6 HIGH |
| Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file. | |||||