Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2018-04-05 CVE-2017-12093 Resource Exhaustion vulnerability in Rockwellautomation Micrologix 1400 B Firmware
An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before.
network
low complexity
rockwellautomation CWE-400
5.3
2018-04-05 CVE-2017-12090 Resource Exhaustion vulnerability in Rockwellautomation Micrologix 1400 B Firmware
An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below.
network
low complexity
rockwellautomation CWE-400
7.5
2018-04-05 CVE-2017-12089 Unspecified vulnerability in Rockwellautomation Micrologix 1400 B Firmware
An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before.
network
low complexity
rockwellautomation
7.5
2018-04-05 CVE-2017-12088 Improper Input Validation vulnerability in Rockwellautomation Micrologix 1400 B Firmware
An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below.
network
low complexity
rockwellautomation CWE-20
7.5
2018-01-09 CVE-2017-16740 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products
A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier.
network
low complexity
rockwellautomation CWE-119
critical
10.0
2017-12-23 CVE-2017-14022 Improper Input Validation vulnerability in Rockwellautomation Factorytalk Alarms and Events 2.90
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier.
network
low complexity
rockwellautomation CWE-20
7.5
2017-09-20 CVE-2017-7924 Improper Input Validation vulnerability in Rockwellautomation products
An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD.
network
low complexity
rockwellautomation CWE-20
7.5
2017-06-30 CVE-2017-7903 Inadequate Encryption Strength vulnerability in Rockwellautomation products
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions.
network
low complexity
rockwellautomation CWE-326
critical
9.8
2017-06-30 CVE-2017-7902 Use of Insufficiently Random Values vulnerability in Rockwellautomation products
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions.
network
low complexity
rockwellautomation CWE-330
critical
9.8
2017-06-30 CVE-2017-7901 Use of Insufficiently Random Values vulnerability in Rockwellautomation products
A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions.
network
low complexity
rockwellautomation CWE-330
8.6