Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-1797 Unspecified vulnerability in Rockwellautomation products
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault.
network
low complexity
rockwellautomation
8.6
2022-05-17 CVE-2022-1118 Unspecified vulnerability in Rockwellautomation products
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized.
local
low complexity
rockwellautomation
7.8
2022-04-11 CVE-2022-1161 Unspecified vulnerability in Rockwellautomation products
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems.
network
low complexity
rockwellautomation
critical
9.8
2022-04-01 CVE-2021-32960 Incorrect Authorization vulnerability in Rockwellautomation Factorytalk Services Platform
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name.
network
low complexity
rockwellautomation CWE-863
8.8
2022-04-01 CVE-2022-1018 XXE vulnerability in Rockwellautomation products
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file.
local
low complexity
rockwellautomation CWE-611
5.5
2022-04-01 CVE-2022-1159 Code Injection vulnerability in Rockwellautomation products
Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user.
network
low complexity
rockwellautomation CWE-94
7.2
2022-03-23 CVE-2021-27460 Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid.
network
low complexity
rockwellautomation CWE-502
critical
9.8
2022-03-23 CVE-2021-27462 Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data.
network
low complexity
rockwellautomation CWE-502
critical
9.8
2022-03-23 CVE-2021-27464 SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication.
network
low complexity
rockwellautomation CWE-89
critical
9.8
2022-03-23 CVE-2021-27466 Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data.
network
low complexity
rockwellautomation CWE-502
critical
9.8