Vulnerabilities > Rockwellautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-14 | CVE-2020-27265 | Out-of-bounds Write vulnerability in multiple products KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. | 9.8 |
| 2021-01-14 | CVE-2020-27263 | Out-of-bounds Write vulnerability in multiple products KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. | 9.1 |
| 2021-01-07 | CVE-2020-13573 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Rslinx 2.57.00.14 A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. | 7.5 |
| 2020-12-29 | CVE-2020-5807 | Improper Handling of Exceptional Conditions vulnerability in Rockwellautomation Factorytalk Diagnostics 6.11 An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. | 7.5 |
| 2020-12-29 | CVE-2020-5806 | Allocation of Resources Without Limits or Throttling vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11 An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. | 5.5 |
| 2020-12-29 | CVE-2020-5802 | Allocation of Resources Without Limits or Throttling vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11 An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. | 7.5 |
| 2020-12-29 | CVE-2020-5801 | Improper Handling of Exceptional Conditions vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11 An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. | 7.5 |
| 2020-12-03 | CVE-2020-6111 | Unspecified vulnerability in Rockwellautomation Micrologix 1100 B Firmware An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. | 7.5 |
| 2020-11-26 | CVE-2020-27255 | Unspecified vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11 A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. | 7.5 |
| 2020-11-26 | CVE-2020-27253 | Unspecified vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11 A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. | 7.5 |