Vulnerabilities > Rockwellautomation
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-08-24 | CVE-2016-5645 | Improper Access Control vulnerability in Rockwellautomation products | Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community. | 7.3 |
2016-07-28 | CVE-2016-4531 | Improper Authorization vulnerability in Rockwellautomation Factorytalk Energymetrix 2.10.00 | Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 7.3 |
2016-07-28 | CVE-2016-4522 | SQL Injection vulnerability in Rockwellautomation Factorytalk Energymetrix 2.10.00 | SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 |
2016-04-06 | CVE-2016-2277 | Improper Access Control vulnerability in Rockwellautomation Integrated Architecture Builder 9.6.0.7/9.7.0.0/9.7.0.1 | IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file. | 6.3 |
2016-03-02 | CVE-2016-2279 | Cross-site Scripting vulnerability in Rockwellautomation products | Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2016-01-28 | CVE-2016-0868 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products | Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request. | 9.8 |