Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-45825 Unspecified vulnerability in Rockwellautomation 5015-U8Ihft Firmware 1.011/1.012
CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products.
network
low complexity
rockwellautomation
7.5
2024-09-12 CVE-2024-45826 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Rockwellautomation Thinmanager 13.1.0/13.2.0
CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request.
network
low complexity
rockwellautomation CWE-610
8.8
2024-07-16 CVE-2024-6089 Unspecified vulnerability in Rockwellautomation 5015-Aenftxt Firmware 2.011
An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault.
network
low complexity
rockwellautomation
7.5
2024-07-16 CVE-2024-6325 Incorrect Default Permissions vulnerability in Rockwellautomation Factorytalk Policy Manager 6.40.0
The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161.
network
low complexity
rockwellautomation CWE-276
6.5
2024-07-16 CVE-2024-6326 Incorrect Default Permissions vulnerability in Rockwellautomation products
An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service.
local
low complexity
rockwellautomation CWE-276
5.5
2024-06-25 CVE-2024-5988 Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
network
low complexity
rockwellautomation
critical
9.8
2024-06-25 CVE-2024-5989 Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
network
low complexity
rockwellautomation
critical
9.8
2024-06-25 CVE-2024-5990 Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.
network
low complexity
rockwellautomation
7.5
2024-06-14 CVE-2024-37367 Improper Authentication vulnerability in Rockwellautomation Factorytalk View 12.0/13.0
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12.
network
low complexity
rockwellautomation CWE-287
7.5
2024-03-26 CVE-2024-21912 Out-of-bounds Write vulnerability in Rockwellautomation Arena
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software.
local
low complexity
rockwellautomation CWE-787
7.8