Vulnerabilities > Rockwellautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-13 | CVE-2023-2638 | Improper Authentication vulnerability in Rockwellautomation products Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. | 5.0 |
| 2023-06-13 | CVE-2023-2639 | Origin Validation Error vulnerability in Rockwellautomation products The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat actor to craft a malicious website that, when visited, will send a malicious script that can connect to the local WebSocket endpoint and wait for events as if it was a valid client device. | 4.7 |
| 2023-06-13 | CVE-2023-2778 | Resource Exhaustion vulnerability in Rockwellautomation Factorytalk Transaction Manager 13.00/13.10 A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. | 7.5 |
| 2023-05-11 | CVE-2023-1834 | Unspecified vulnerability in Rockwellautomation Kinetix 5500 Firmware 7.13 Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports. | 9.1 |
| 2023-05-11 | CVE-2023-2443 | Inadequate Encryption Strength vulnerability in Rockwellautomation Thinmanager Rockwell Automation ThinManager product allows the use of medium strength ciphers. | 7.5 |
| 2023-05-11 | CVE-2023-2444 | Cross-Site Request Forgery (CSRF) vulnerability in Rockwellautomation Factorytalk Vantagepoint A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. | 8.8 |
| 2023-05-11 | CVE-2023-29022 | Cross-site Scripting vulnerability in Rockwellautomation products A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. | 5.9 |
| 2023-05-11 | CVE-2023-29023 | Cross-site Scripting vulnerability in Rockwellautomation products A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. | 6.1 |
| 2023-05-11 | CVE-2023-29024 | Cross-site Scripting vulnerability in Rockwellautomation products A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. | 6.5 |
| 2023-05-11 | CVE-2023-29025 | Cross-site Scripting vulnerability in Rockwellautomation products A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. | 5.9 |