Vulnerabilities > Rockwellautomation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-30 | CVE-2023-5909 | Improper Certificate Validation vulnerability in multiple products: KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | 7.5 |
2023-10-27 | CVE-2023-27854 | Out-of-bounds Read vulnerability in Rockwellautomation Arena Simulation: An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. | 7.8 |
2023-10-27 | CVE-2023-27858 | Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena Simulation: Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. | 7.8 |
2023-10-27 | CVE-2023-46289 | Improper Input Validation vulnerability in Rockwellautomation Factorytalk View: Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. | 7.5 |
2023-10-27 | CVE-2023-46290 | Improper Authentication vulnerability in Rockwellautomation Factorytalk Services Platform: Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in to FactoryTalk® Services Platform. | 8.1 |
2023-10-13 | CVE-2023-29464 | Out-of-bounds Write vulnerability in Rockwellautomation Factorytalk Linx 6.20/6.30: FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. | 9.1 |
2023-09-20 | CVE-2023-2262 | Out-of-bounds Write vulnerability in Rockwellautomation products: A buffer overflow vulnerability exists in select Rockwell Automation 1756-EN* communication devices. | 9.8 |
2023-09-12 | CVE-2023-29463 | Improper Authentication vulnerability in Rockwellautomation Pavilion8: The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. | 5.4 |
2023-09-12 | CVE-2023-2071 | Unrestricted Upload of File with Dangerous Type vulnerability in Rockwellautomation Factorytalk View 13.0: Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user’s input, which allows an unauthenticated attacker to achieve remote code execution via crafted malicious packets. | 9.8 |
2023-08-17 | CVE-2023-2914 | Integer Overflow or Wraparound vulnerability in Rockwellautomation Thinmanager Thinserver 13.1.0: The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability; an integer overflow condition exists in the affected products. | 7.5 |