Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2021-01-07 CVE-2020-13573 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation Rslinx 2.57.00.14
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3.
network
low complexity
rockwellautomation CWE-119
5.0
2020-12-29 CVE-2020-5807 Improper Handling of Exceptional Conditions vulnerability in Rockwellautomation Factorytalk Diagnostics 6.11
An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log.
network
low complexity
rockwellautomation CWE-755
5.0
2020-12-29 CVE-2020-5806 Allocation of Resources Without Limits OR Throttling vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11
An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll.
local
low complexity
rockwellautomation CWE-770
2.1
2020-12-29 CVE-2020-5802 Improper Handling of Exceptional Conditions vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11
An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241.
network
low complexity
rockwellautomation CWE-755
5.0
2020-12-29 CVE-2020-5801 Improper Handling of Exceptional Conditions vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11
An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination.
network
low complexity
rockwellautomation CWE-755
5.0
2020-12-03 CVE-2020-6111 Unspecified vulnerability in Rockwellautomation Micrologix 1100 B Firmware
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000.
network
low complexity
rockwellautomation
5.0
2020-11-26 CVE-2020-27255 Heap-Based Buffer Overflow vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior.
network
low complexity
rockwellautomation CWE-122
5.0
2020-11-26 CVE-2020-27253 Improper Input Validation vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11
A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior.
network
low complexity
rockwellautomation CWE-20
7.8
2020-11-26 CVE-2020-27251 Heap-Based Buffer Overflow vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior.
network
low complexity
rockwellautomation CWE-122
7.5
2020-10-19 CVE-2020-6085 Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent 4.003
An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003.
network
low complexity
rockwellautomation CWE-120
7.8