Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2021-27468 SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication.
network
low complexity
rockwellautomation CWE-89
critical
9.8
2022-03-23 CVE-2021-27470 Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data.
network
low complexity
rockwellautomation CWE-502
critical
9.8
2022-03-23 CVE-2021-27471 Path Traversal vulnerability in Rockwellautomation Connected Components Workbench 12.00.00
The parsing mechanism that processes certain file types does not provide input sanitization for file paths.
local
low complexity
rockwellautomation CWE-22
8.6
2022-03-23 CVE-2021-27472 SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements.
network
low complexity
rockwellautomation CWE-89
critical
9.8
2022-03-23 CVE-2021-27473 Path Traversal vulnerability in Rockwellautomation Connected Components Workbench 12.00.00
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction.
local
low complexity
rockwellautomation CWE-22
8.2
2022-03-23 CVE-2021-27474 Unspecified vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services.
network
low complexity
rockwellautomation
7.5
2022-03-23 CVE-2021-27475 Deserialization of Untrusted Data vulnerability in Rockwellautomation Connected Components Workbench 12.00.00
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized.
local
low complexity
rockwellautomation CWE-502
8.6
2022-03-23 CVE-2021-27476 OS Command Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection.
network
low complexity
rockwellautomation CWE-78
critical
9.8
2022-03-18 CVE-2020-25176 Path Traversal vulnerability in multiple products
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system.
network
low complexity
schneider-electric rockwellautomation xylem CWE-22
critical
9.8
2022-03-18 CVE-2020-25178 Cleartext Transmission of Sensitive Information vulnerability in multiple products
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP.
8.8