Vulnerabilities > Rockwellautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-27 | CVE-2022-3156 | Improper Authentication vulnerability in Rockwellautomation Studio 5000 Logix Emulate 20.011/33.00 A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software. | 7.8 |
| 2022-12-19 | CVE-2022-3752 | Unspecified vulnerability in Rockwellautomation products An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. | 7.5 |
| 2022-12-16 | CVE-2022-3157 | Unspecified vulnerability in Rockwellautomation products A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). | 7.5 |
| 2022-12-16 | CVE-2022-46670 | Cross-site Scripting vulnerability in Rockwellautomation products Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. | 6.1 |
| 2022-12-16 | CVE-2022-3166 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. | 7.5 |
| 2022-10-27 | CVE-2022-38744 | Improper Authentication vulnerability in Rockwellautomation Factorytalk Alarms and Events An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. | 7.5 |
| 2022-10-17 | CVE-2022-3158 | SQL Injection vulnerability in Rockwellautomation Factorytalk Vantagepoint Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. | 8.8 |
| 2022-10-17 | CVE-2022-38743 | Unspecified vulnerability in Rockwellautomation Factorytalk Vantagepoint Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. | 8.8 |
| 2022-09-23 | CVE-2022-38742 | Out-of-bounds Write vulnerability in Rockwellautomation Thinmanager Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. | 9.8 |
| 2022-08-25 | CVE-2022-2463 | Unspecified vulnerability in Rockwellautomation Isagraf Workbench 6.0/6.6.9 Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. | 7.8 |