DATE CVE VULNERABILITY TITLE RISK
2024-06-25 CVE-2024-5990 Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver
Due to improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.
network
low complexity
rockwellautomation
7.5
2024-06-14 CVE-2024-37369 Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk View 12.0/13.0
A privilege escalation vulnerability exists in the affected product.
network
low complexity
rockwellautomation CWE-732
8.8
2024-06-14 CVE-2024-5659 Unspecified vulnerability in Rockwellautomation products
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault (MNRF/Assert).
low complexity
rockwellautomation
6.5
2024-06-14 CVE-2024-37367 Improper Authentication vulnerability in Rockwellautomation Factorytalk View 12.0/13.0
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12.
network
low complexity
rockwellautomation CWE-287
7.5
2024-06-14 CVE-2024-37368 Missing Authentication for Critical Function vulnerability in Rockwellautomation Factorytalk View 11.0/12.0/13.0
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE.
network
low complexity
rockwellautomation CWE-306
7.5
2024-05-16 CVE-2024-4609 SQL Injection vulnerability in Rockwellautomation Factorytalk View 10.0
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen.
network
low complexity
rockwellautomation CWE-89
critical
9.8
2024-04-15 CVE-2024-2424 Unspecified vulnerability in Rockwellautomation 5015-Aenftxt Firmware 2.011
An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered.
network
low complexity
rockwellautomation
7.5
2024-04-15 CVE-2024-3493 Unspecified vulnerability in Rockwellautomation products
A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) in Rockwell Automation's ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, and 1756-EN4TR.
network
low complexity
rockwellautomation
7.5
2024-03-26 CVE-2024-21912 Out-of-bounds Write vulnerability in Rockwellautomation Arena
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software.
local
low complexity
rockwellautomation CWE-787
7.8
2024-03-26 CVE-2024-21913 Out-of-bounds Write vulnerability in Rockwellautomation Arena
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation.
local
low complexity
rockwellautomation CWE-787
7.8