Vulnerabilities > Rockwellautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2021-27466 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. | 9.8 |
| 2022-03-23 | CVE-2021-27468 | SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. | 9.8 |
| 2022-03-23 | CVE-2021-27470 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. | 9.8 |
| 2022-03-23 | CVE-2021-27471 | Path Traversal vulnerability in Rockwellautomation Connected Components Workbench 12.00.00 The parsing mechanism that processes certain file types does not provide input sanitization for file paths. | 8.6 |
| 2022-03-23 | CVE-2021-27472 | SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements. | 9.8 |
| 2022-03-23 | CVE-2021-27473 | Path Traversal vulnerability in Rockwellautomation Connected Components Workbench 12.00.00 Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. | 8.2 |
| 2022-03-23 | CVE-2021-27474 | Unspecified vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. | 7.5 |
| 2022-03-23 | CVE-2021-27475 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Connected Components Workbench 12.00.00 Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. | 8.6 |
| 2022-03-23 | CVE-2021-27476 | OS Command Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. | 9.8 |
| 2022-03-18 | CVE-2020-25176 | Path Traversal vulnerability in multiple products Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. | 9.8 |