Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2022-12-27 CVE-2022-3156 Improper Authentication vulnerability in Rockwellautomation Studio 5000 Logix Emulate
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.
local
low complexity
rockwellautomation CWE-287
7.8
2022-12-16 CVE-2022-46670 Cross-site Scripting vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware
A security researcher from Georgia Institute of Technology made Rockwell Automation aware that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution.
network
low complexity
rockwellautomation CWE-79
6.1
2022-12-16 CVE-2022-3166 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware
Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition.
network
low complexity
rockwellautomation CWE-924
7.5
2022-10-27 CVE-2022-38744 Improper Authentication vulnerability in Rockwellautomation Factorytalk Alarms and Events
An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable.
network
low complexity
rockwellautomation CWE-287
7.5
2022-10-17 CVE-2022-3158 SQL Injection vulnerability in Rockwellautomation Factorytalk Vantagepoint
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are affected by an input validation vulnerability.
network
low complexity
rockwellautomation CWE-89
8.8
2022-10-17 CVE-2022-38743 Unspecified vulnerability in Rockwellautomation Factorytalk Vantagepoint
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are affected by an improper access control vulnerability.
network
low complexity
rockwellautomation
8.8
2022-06-02 CVE-2022-1797 Resource Exhaustion vulnerability in Rockwellautomation products
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault.
network
low complexity
rockwellautomation CWE-400
7.8
2022-05-17 CVE-2022-1118 Deserialization of Untrusted Data vulnerability in Rockwellautomation products
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 through v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized.
6.8
2022-04-11 CVE-2022-1161 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Rockwellautomation products
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems.
network
low complexity
rockwellautomation CWE-829
7.5
2022-04-01 CVE-2021-32960 Incorrect Authorization vulnerability in Rockwellautomation Factorytalk Services Platform
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed, contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name.
6.0