Vulnerabilities > Rockwellautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-16 | CVE-2020-6980 | Cleartext Storage of Sensitive Information vulnerability in Rockwellautomation products Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext. | 3.3 |
| 2020-01-27 | CVE-2019-13521 | Unspecified vulnerability in Rockwellautomation Arena Simulation 16.00.00 A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. | 7.8 |
| 2020-01-27 | CVE-2019-13519 | Type Confusion vulnerability in Rockwellautomation Arena Simulation 16.00.00 A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. | 7.8 |
| 2019-09-24 | CVE-2019-13527 | Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena Simulation Software 16.00.00 In Rockwell Automation Arena Simulation Software Cat. | 7.8 |
| 2019-08-15 | CVE-2019-13511 | Use After Free vulnerability in Rockwellautomation Arena Simulation Software 16.00.00 Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. | 3.3 |
| 2019-08-15 | CVE-2019-13510 | Use After Free vulnerability in Rockwellautomation Arena Simulation Software 16.00.00 Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. | 7.8 |
| 2019-07-11 | CVE-2019-10970 | Unspecified vulnerability in Rockwellautomation Panelview 5510 Firmware In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system. | 9.8 |
| 2019-05-01 | CVE-2019-10952 | Resource Exhaustion vulnerability in Rockwellautomation products An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. | 9.8 |
| 2019-05-01 | CVE-2019-10954 | Stack-based Buffer Overflow vulnerability in Rockwellautomation products An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. | 7.5 |
| 2019-04-25 | CVE-2019-10955 | Open Redirect vulnerability in Rockwellautomation products In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine. | 6.1 |