Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2017-06-30 CVE-2017-7899 Information Exposure vulnerability in Rockwellautomation products
An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions.
network
low complexity
rockwellautomation CWE-200
critical
9.8
2017-06-30 CVE-2017-7898 Improper Restriction of Excessive Authentication Attempts vulnerability in Rockwellautomation products
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions.
network
low complexity
rockwellautomation CWE-307
critical
9.8
2017-06-14 CVE-2017-7914 Missing Authorization vulnerability in Rockwellautomation Panelview Plus 6 700-1500 Firmware
A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023.
network
low complexity
rockwellautomation CWE-862
8.6
2017-05-19 CVE-2017-5176 Uncontrolled Search Path Element vulnerability in Rockwellautomation Connected Components Workbench 9.01.00
A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW).
local
high complexity
rockwellautomation CWE-427
7.0
2017-05-06 CVE-2017-6024 Resource Exhaustion vulnerability in Rockwellautomation products
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011.
network
high complexity
rockwellautomation CWE-400
5.9
2017-02-13 CVE-2016-9343 Out-of-bounds Write vulnerability in Rockwellautomation products
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected).
network
low complexity
rockwellautomation CWE-787
critical
10.0
2017-02-13 CVE-2016-9338 Unspecified vulnerability in Rockwellautomation products
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions.
network
low complexity
rockwellautomation
2.7
2017-02-13 CVE-2016-9334 Unspecified vulnerability in Rockwellautomation products
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions.
network
low complexity
rockwellautomation
7.3
2016-09-19 CVE-2016-5814 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products
Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.
local
low complexity
rockwellautomation CWE-119
8.6
2016-08-24 CVE-2016-5645 Improper Access Control vulnerability in Rockwellautomation products
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community.
network
low complexity
rockwellautomation CWE-284
7.3