Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2016-07-28 CVE-2016-4531 Improper Authorization vulnerability in Rockwellautomation Factorytalk Energrymetrix 2.10.00
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
network
low complexity
rockwellautomation CWE-285
7.3
2016-07-28 CVE-2016-4522 SQL Injection vulnerability in Rockwellautomation Factorytalk Energrymetrix 2.10.00
SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
rockwellautomation CWE-89
critical
9.8
2016-04-06 CVE-2016-2277 Improper Access Control vulnerability in Rockwellautomation Integrated Architecture Builder 9.6.0.7/9.7.0.0/9.7.0.1
IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.
local
high complexity
rockwellautomation CWE-284
6.3
2016-03-02 CVE-2016-2279 Cross-site Scripting vulnerability in Rockwellautomation products
Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
rockwellautomation CWE-79
6.1
2016-01-28 CVE-2016-0868 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products
Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request.
network
low complexity
rockwellautomation CWE-119
critical
9.8