Vulnerabilities > Rockwellautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2021-27462 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. | 9.8 |
| 2022-03-23 | CVE-2021-27464 | SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. | 9.8 |
| 2022-03-23 | CVE-2021-27466 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. | 9.8 |
| 2022-03-23 | CVE-2021-27468 | SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. | 9.8 |
| 2022-03-23 | CVE-2021-27470 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. | 9.8 |
| 2022-03-23 | CVE-2021-27471 | Path Traversal vulnerability in Rockwellautomation Connected Components Workbench 12.00.00 The parsing mechanism that processes certain file types does not provide input sanitization for file paths. | 8.6 |
| 2022-03-23 | CVE-2021-27472 | SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements. | 9.8 |
| 2022-03-23 | CVE-2021-27473 | Path Traversal vulnerability in Rockwellautomation Connected Components Workbench 12.00.00 Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. | 8.2 |
| 2022-03-23 | CVE-2021-27474 | Unspecified vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. | 7.5 |
| 2022-03-23 | CVE-2021-27475 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Connected Components Workbench 12.00.00 Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. | 8.6 |