Vulnerabilities > Rockwellautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2020-14502 | Cross-site Scripting vulnerability in Rockwellautomation products The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. | 6.1 |
| 2022-02-24 | CVE-2020-14504 | Improper Authentication vulnerability in Rockwellautomation products The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. | 5.3 |
| 2021-07-09 | CVE-2021-33012 | Unspecified vulnerability in Rockwellautomation Micrologix 1100 Firmware Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. | 8.6 |
| 2021-06-03 | CVE-2021-32926 | Unspecified vulnerability in Rockwellautomation Micro800 Firmware and Micrologix 1400 Firmware When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. | 7.5 |
| 2021-03-25 | CVE-2021-22659 | Unspecified vulnerability in Rockwellautomation Micrologix 1400 Firmware 21.0/21.6 Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. | 8.6 |
| 2021-03-18 | CVE-2021-22665 | Unspecified vulnerability in Rockwellautomation Drivetools Add-On Profiles and Drivetools SP Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system. | 7.8 |
| 2021-03-18 | CVE-2020-14516 | Unspecified vulnerability in Rockwellautomation Factorytalk Services Platform 6.10.00/6.11.00 In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly. | 10.0 |
| 2021-03-03 | CVE-2021-22681 | Insufficiently Protected Credentials vulnerability in Rockwellautomation products Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. | 9.8 |
| 2021-02-04 | CVE-2020-6088 | Classic Buffer Overflow vulnerability in Rockwellautomation Flex IO 1794-Aent/B Firmware 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. | 7.5 |
| 2021-01-14 | CVE-2020-27267 | Out-of-bounds Write vulnerability in multiple products KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. | 9.1 |