Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-27854 Out-of-bounds Read vulnerability in Rockwellautomation Arena
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow.
local
low complexity
rockwellautomation CWE-125
7.8
2023-10-27 CVE-2023-27858 Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application.
local
low complexity
rockwellautomation CWE-824
7.8
2023-10-27 CVE-2023-46289 Improper Input Validation vulnerability in Rockwellautomation Factorytalk View
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline.
network
low complexity
rockwellautomation CWE-20
7.5
2023-10-27 CVE-2023-46290 Improper Authentication vulnerability in Rockwellautomation Factorytalk Services Platform
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform .
network
high complexity
rockwellautomation CWE-287
8.1
2023-10-13 CVE-2023-29464 Out-of-bounds Write vulnerability in Rockwellautomation Factorytalk Linx 6.20/6.30
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets.
network
low complexity
rockwellautomation CWE-787
critical
9.1
2023-09-20 CVE-2023-2262 Out-of-bounds Write vulnerability in Rockwellautomation products
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices.
network
low complexity
rockwellautomation CWE-787
critical
9.8
2023-09-12 CVE-2023-29463 Improper Authentication vulnerability in Rockwellautomation Pavilion8
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication.
network
low complexity
rockwellautomation CWE-287
5.4
2023-09-12 CVE-2023-2071 Unrestricted Upload of File with Dangerous Type vulnerability in Rockwellautomation Factorytalk View 13.0
Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets.
network
low complexity
rockwellautomation CWE-434
critical
9.8
2023-08-17 CVE-2023-2914 Integer Overflow or Wraparound vulnerability in Rockwellautomation Thinmanager Thinserver 13.1.0
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products.
network
low complexity
rockwellautomation CWE-190
7.5
2023-08-17 CVE-2023-2915 Path Traversal vulnerability in Rockwellautomation Thinmanager Thinserver 13.1.0
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function.
network
low complexity
rockwellautomation CWE-22
critical
9.1