Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2024-03-26 CVE-2024-21913 Out-of-bounds Write vulnerability in Rockwellautomation Arena
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation.
local
low complexity
rockwellautomation CWE-787
7.8
2024-03-26 CVE-2024-21918 Use After Free vulnerability in Rockwellautomation Arena
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation.
local
low complexity
rockwellautomation CWE-416
7.8
2024-03-26 CVE-2024-21919 Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly.
local
low complexity
rockwellautomation CWE-824
7.8
2024-03-26 CVE-2024-21920 Out-of-bounds Read vulnerability in Rockwellautomation Arena
A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries.
local
low complexity
rockwellautomation CWE-125
7.1
2024-03-26 CVE-2024-2929 Out-of-bounds Write vulnerability in Rockwellautomation Arena
A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation.
local
low complexity
rockwellautomation CWE-787
7.8
2024-02-16 CVE-2024-21915 Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk Services Platform
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP).
network
low complexity
rockwellautomation CWE-732
8.8
2024-01-31 CVE-2024-21916 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products
A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers.
network
low complexity
rockwellautomation CWE-119
7.5
2024-01-31 CVE-2024-21917 Improper Verification of Cryptographic Signature vulnerability in Rockwellautomation Factorytalk Services Platform
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory.
network
low complexity
rockwellautomation CWE-347
critical
9.1
2023-11-30 CVE-2023-5908 Classic Buffer Overflow vulnerability in multiple products
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
network
low complexity
ptc softwaretoolbox ge rockwellautomation CWE-120
critical
9.1
2023-11-30 CVE-2023-5909 Improper Certificate Validation vulnerability in multiple products
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
7.5