Vulnerabilities > Rockwellautomation > Factorytalk Services Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-01 | CVE-2021-32960 | Incorrect Authorization vulnerability in Rockwellautomation Factorytalk Services Platform Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. | 6.0 |
| 2022-02-24 | CVE-2020-14478 | XXE vulnerability in Rockwellautomation Factorytalk Services Platform A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. | 5.6 |
| 2020-06-23 | CVE-2020-12033 | Improper Input Validation vulnerability in Rockwellautomation Factorytalk Services Platform In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges. | 5.8 |
| 2015-03-31 | CVE-2014-9209 | Unspecified vulnerability in Rockwellautomation products Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. local rockwellautomation | 6.9 |