Vulnerabilities > Rockwellautomation
|2022-12-27||CVE-2022-3156|| Improper Authentication vulnerability in Rockwellautomation Studio 5000 Logix Emulate |
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.
| 7.8 |
|2022-12-16||CVE-2022-46670|| Cross-site Scripting vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware |
Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution.
| 6.1 |
|2022-12-16||CVE-2022-3166|| Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware |
Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition.
| 7.5 |
|2022-10-27||CVE-2022-38744|| Improper Authentication vulnerability in Rockwellautomation Factorytalk Alarms and Events |
An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable.
| 7.5 |
|2022-10-17||CVE-2022-3158|| SQL Injection vulnerability in Rockwellautomation Factorytalk Vantagepoint |
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability.
| 8.8 |
|2022-10-17||CVE-2022-38743|| Unspecified vulnerability in Rockwellautomation Factorytalk Vantagepoint |
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability.
| 8.8 |
|2022-06-02||CVE-2022-1797|| Resource Exhaustion vulnerability in Rockwellautomation products |
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault.
| 7.8 |
|2022-05-17||CVE-2022-1118|| Deserialization of Untrusted Data vulnerability in Rockwellautomation products |
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized.
| 6.8 |
|2022-04-11||CVE-2022-1161|| Inclusion of Functionality from Untrusted Control Sphere vulnerability in Rockwellautomation products |
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems.
| 7.5 |
|2022-04-01||CVE-2021-32960|| Incorrect Authorization vulnerability in Rockwellautomation Factorytalk Services Platform |
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name.
| 6.0 |