Vulnerabilities > Rockwellautomation > Factorytalk Services Platform > 2.90

DATE CVE VULNERABILITY TITLE RISK
2024-01-31 CVE-2024-21917 Improper Verification of Cryptographic Signature vulnerability in Rockwellautomation Factorytalk Services Platform
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory.
network
low complexity
rockwellautomation CWE-347
critical
9.1
2022-04-01 CVE-2021-32960 Incorrect Authorization vulnerability in Rockwellautomation Factorytalk Services Platform
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name.
network
low complexity
rockwellautomation CWE-863
8.8
2022-02-24 CVE-2020-14478 XXE vulnerability in Rockwellautomation Factorytalk Services Platform
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content.
local
low complexity
rockwellautomation CWE-611
7.1
2021-03-03 CVE-2021-22681 Insufficiently Protected Credentials vulnerability in Rockwellautomation products
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.
network
low complexity
rockwellautomation CWE-522
critical
9.8
2019-01-24 CVE-2018-18981 Out-of-bounds Write vulnerability in Rockwellautomation Factorytalk Services Platform
In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services.
network
low complexity
rockwellautomation CWE-787
7.5