Vulnerabilities > Rockwellautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-26 | CVE-2013-2805 | Out-of-bounds Read vulnerability in Rockwellautomation Rslinx Enterprise Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. | 7.8 |
| 2019-03-26 | CVE-2010-5305 | Improper Access Control vulnerability in Rockwellautomation products The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. | 7.5 |
| 2019-03-26 | CVE-2013-2807 | Out-of-bounds Read vulnerability in Rockwellautomation Rslinx Enterprise Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. | 7.8 |
| 2019-03-26 | CVE-2013-2806 | Integer Overflow or Wraparound vulnerability in Rockwellautomation Rslinx Enterprise Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. | 7.8 |
| 2019-01-24 | CVE-2018-18981 | Out-of-bounds Write vulnerability in Rockwellautomation Factorytalk Services Platform In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services. | 7.8 |
| 2018-12-26 | CVE-2018-19616 | Improper Authentication vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. | 6.8 |
| 2018-12-26 | CVE-2018-19615 | Cross-site Scripting vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. | 6.1 |
| 2018-12-07 | CVE-2018-17924 | Missing Authentication for Critical Function vulnerability in Rockwellautomation products Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. | 7.8 |
| 2018-09-20 | CVE-2018-14829 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Rslinx Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. | 7.5 |
| 2018-09-20 | CVE-2018-14827 | Resource Exhaustion vulnerability in Rockwellautomation Rslinx Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. | 5.0 |