Vulnerabilities > Rockwellautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-04 | CVE-2018-19282 | Resource Exhaustion vulnerability in Rockwellautomation Powerflex 525 AC Drives Firmware 5.001 Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. | 9.8 |
| 2019-04-04 | CVE-2019-6553 | Out-of-bounds Write vulnerability in Rockwellautomation Rslinx A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. | 9.8 |
| 2019-03-27 | CVE-2018-19016 | Improper Input Validation vulnerability in Rockwellautomation products Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. | 7.5 |
| 2019-03-26 | CVE-2013-2805 | Out-of-bounds Read vulnerability in Rockwellautomation Rslinx Enterprise Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. | 7.5 |
| 2019-03-26 | CVE-2010-5305 | Improper Access Control vulnerability in Rockwellautomation products The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. | 9.8 |
| 2019-03-26 | CVE-2013-2807 | Out-of-bounds Read vulnerability in Rockwellautomation Rslinx Enterprise Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. | 7.5 |
| 2019-03-26 | CVE-2013-2806 | Integer Overflow or Wraparound vulnerability in Rockwellautomation Rslinx Enterprise Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. | 7.5 |
| 2019-01-24 | CVE-2018-18981 | Out-of-bounds Write vulnerability in Rockwellautomation Factorytalk Services Platform In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services. | 7.5 |
| 2018-12-26 | CVE-2018-19616 | Improper Authentication vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. | 8.1 |
| 2018-12-26 | CVE-2018-19615 | Cross-site Scripting vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. | 6.1 |