Vulnerabilities > Rockwellautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-16 | CVE-2024-6325 | Incorrect Default Permissions vulnerability in Rockwellautomation Factorytalk Policy Manager 6.40.0 The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. | 6.5 |
| 2024-07-16 | CVE-2024-6326 | Incorrect Default Permissions vulnerability in Rockwellautomation products An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. | 5.5 |
| 2024-07-16 | CVE-2024-6435 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Pavilion8 A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. | 8.8 |
| 2024-06-25 | CVE-2024-5988 | Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | 9.8 |
| 2024-06-25 | CVE-2024-5989 | Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | 9.8 |
| 2024-06-25 | CVE-2024-5990 | Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. | 7.5 |
| 2024-06-14 | CVE-2024-37369 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk View 12.0/13.0 A privilege escalation vulnerability exists in the affected product. | 8.8 |
| 2024-06-14 | CVE-2024-37367 | Improper Authentication vulnerability in Rockwellautomation Factorytalk View 12.0/13.0 A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. | 7.5 |
| 2024-06-14 | CVE-2024-37368 | Missing Authentication for Critical Function vulnerability in Rockwellautomation Factorytalk View 11.0/12.0/13.0 A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. | 7.5 |
| 2024-05-16 | CVE-2024-4609 | SQL Injection vulnerability in Rockwellautomation Factorytalk View 10.0 A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. | 9.8 |