Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-7960 Unspecified vulnerability in Rockwellautomation Pavilion8 5.20
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings.
network
low complexity
rockwellautomation
critical
9.1
2024-09-12 CVE-2024-7961 Path Traversal vulnerability in Rockwellautomation Pavilion8 5.20
A path traversal vulnerability exists in the Rockwell Automation affected product.
network
low complexity
rockwellautomation CWE-22
critical
9.8
2024-09-12 CVE-2024-6077 Unspecified vulnerability in Rockwellautomation products
A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object.
network
low complexity
rockwellautomation
7.5
2024-09-12 CVE-2024-8533 Incorrect Default Permissions vulnerability in Rockwellautomation products
A privilege escalation vulnerability exists in the Rockwell Automation affected products.
network
low complexity
rockwellautomation CWE-276
8.8
2024-09-12 CVE-2024-45823 Unspecified vulnerability in Rockwellautomation Factorytalk Batch View 2.01.00
CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product.
network
low complexity
rockwellautomation
critical
9.8
2024-09-12 CVE-2024-45825 Unspecified vulnerability in Rockwellautomation 5015-U8Ihft Firmware 1.011/1.012
CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products.
network
low complexity
rockwellautomation
7.5
2024-09-12 CVE-2024-45826 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Rockwellautomation Thinmanager 13.1.0/13.2.0
CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request.
network
low complexity
rockwellautomation CWE-610
8.8
2024-07-16 CVE-2024-6089 Unspecified vulnerability in Rockwellautomation 5015-Aenftxt Firmware 2.011
An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault.
network
low complexity
rockwellautomation
7.5
2024-07-16 CVE-2024-6325 Incorrect Default Permissions vulnerability in Rockwellautomation Factorytalk Policy Manager 6.40.0
The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161.
network
low complexity
rockwellautomation CWE-276
6.5
2024-07-16 CVE-2024-6326 Incorrect Default Permissions vulnerability in Rockwellautomation products
An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service.
local
low complexity
rockwellautomation CWE-276
5.5