Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2021-07-09 CVE-2021-33012 Unspecified vulnerability in Rockwellautomation Micrologix 1100 Firmware
Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition.
network
low complexity
rockwellautomation
5.0
2021-06-03 CVE-2021-32926 Man-In-The-Middle vulnerability in Rockwellautomation Micro800 Firmware and Micrologix 1400 Firmware
When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash.
network
low complexity
rockwellautomation CWE-300
5.0
2021-03-25 CVE-2021-22659 Classic Buffer Overflow vulnerability in Rockwellautomation Micrologix 1400 Firmware
Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register.
network
low complexity
rockwellautomation CWE-120
7.5
2021-03-18 CVE-2021-22665 Uncontrolled Search Path Element vulnerability in Rockwellautomation Drivetools Add-On Profiles and Drivetools SP
Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system.
local
low complexity
rockwellautomation CWE-427
7.2
2021-03-18 CVE-2020-14516 USE of Password Hash With Insufficient Computational Effort vulnerability in Rockwellautomation Factorytalk Services Platform 6.10.00/6.11.00
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.
network
low complexity
rockwellautomation CWE-916
7.5
2021-03-03 CVE-2021-22681 Insufficiently Protected Credentials vulnerability in Rockwellautomation Rslogix 500 and Studio 5000 Logix Designer
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.
network
low complexity
rockwellautomation CWE-522
7.5
2021-02-04 CVE-2020-6088 Classic Buffer Overflow vulnerability in Rockwellautomation Flex IO 1794-Aent/B Firmware 4.003
An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003.
network
low complexity
rockwellautomation CWE-120
5.0
2021-01-14 CVE-2020-27267 Out-Of-Bounds Write vulnerability in multiple products
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow.
6.4
2021-01-14 CVE-2020-27265 Out-Of-Bounds Write vulnerability in multiple products
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow.
7.5
2021-01-14 CVE-2020-27263 Out-Of-Bounds Write vulnerability in multiple products
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow.
6.4