Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2024-01-31 CVE-2024-21916 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products
A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers.
network
low complexity
rockwellautomation CWE-119
7.5
2024-01-31 CVE-2024-21917 Improper Verification of Cryptographic Signature vulnerability in Rockwellautomation Factorytalk Services Platform
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory.
network
low complexity
rockwellautomation CWE-347
critical
9.1
2023-11-30 CVE-2023-5908 Classic Buffer Overflow vulnerability in multiple products
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
network
low complexity
ptc softwaretoolbox ge rockwellautomation CWE-120
critical
9.1
2023-11-30 CVE-2023-5909 Improper Certificate Validation vulnerability in multiple products
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
7.5
2023-10-27 CVE-2023-27854 Out-of-bounds Read vulnerability in Rockwellautomation Arena Simulation
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow.
local
low complexity
rockwellautomation CWE-125
7.8
2023-10-27 CVE-2023-27858 Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena Simulation
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application.
local
low complexity
rockwellautomation CWE-824
7.8
2023-10-27 CVE-2023-46289 Improper Input Validation vulnerability in Rockwellautomation Factorytalk View
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline.
network
low complexity
rockwellautomation CWE-20
7.5
2023-10-27 CVE-2023-46290 Improper Authentication vulnerability in Rockwellautomation Factorytalk Services Platform
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform .
network
high complexity
rockwellautomation CWE-287
8.1
2023-10-13 CVE-2023-29464 Out-of-bounds Write vulnerability in Rockwellautomation Factorytalk Linx 6.20/6.30
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets.
network
low complexity
rockwellautomation CWE-787
critical
9.1
2023-09-20 CVE-2023-2262 Out-of-bounds Write vulnerability in Rockwellautomation products
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices.
network
low complexity
rockwellautomation CWE-787
critical
9.8