Vulnerabilities > Rockwellautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-28 | CVE-2016-4531 | Improper Authorization vulnerability in Rockwellautomation Factorytalk Energrymetrix Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 7.5 |
| 2016-07-28 | CVE-2016-4522 | SQL Injection vulnerability in Rockwellautomation Factorytalk Energrymetrix SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2016-04-06 | CVE-2016-2277 | Improper Access Control vulnerability in Rockwellautomation Integrated Architecture Builder 9.6.0.7/9.7.0.0/9.7.0.1 IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file. | 6.9 |
| 2016-03-02 | CVE-2016-2279 | Cross-site Scripting vulnerability in Rockwellautomation products Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-01-28 | CVE-2016-0868 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request. | 10.0 |
| 2015-10-28 | CVE-2015-6492 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request. | 7.8 |
| 2015-10-28 | CVE-2015-6491 | Unspecified vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. | 4.0 |
| 2015-10-28 | CVE-2015-6490 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2015-10-28 | CVE-2015-6488 | Cross-site Scripting vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2015-10-28 | CVE-2015-6486 | SQL Injection vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |