Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2023-06-13 CVE-2023-2639 Origin Validation Error vulnerability in Rockwellautomation products
The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device.  This may allow a threat actor to craft a malicious website that, when visited, will send a malicious script that can connect to the local WebSocket endpoint and wait for events as if it was a valid client device.
network
low complexity
rockwellautomation CWE-346
4.7
2023-06-13 CVE-2023-2778 Resource Exhaustion vulnerability in Rockwellautomation Factorytalk Transaction Manager 13.00/13.10
A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager.
network
low complexity
rockwellautomation CWE-400
7.5
2023-05-11 CVE-2023-1834 Unspecified vulnerability in Rockwellautomation Kinetix 5500 Firmware 7.13
Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default.  This could potentially allow attackers unauthorized access to the device through the open ports.
network
low complexity
rockwellautomation
critical
9.1
2023-05-11 CVE-2023-2443 Inadequate Encryption Strength vulnerability in Rockwellautomation Thinmanager
Rockwell Automation ThinManager product allows the use of medium strength ciphers.
network
low complexity
rockwellautomation CWE-326
7.5
2023-05-11 CVE-2023-2444 Cross-Site Request Forgery (CSRF) vulnerability in Rockwellautomation Factorytalk Vantagepoint
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint.
network
low complexity
rockwellautomation CWE-352
8.8
2023-05-11 CVE-2023-29022 Cross-site Scripting vulnerability in Rockwellautomation products
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface.
network
low complexity
rockwellautomation CWE-79
5.9
2023-05-11 CVE-2023-29023 Cross-site Scripting vulnerability in Rockwellautomation products
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable.
network
low complexity
rockwellautomation CWE-79
6.1
2023-05-11 CVE-2023-29024 Cross-site Scripting vulnerability in Rockwellautomation products
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable.
network
low complexity
rockwellautomation CWE-79
6.5
2023-05-11 CVE-2023-29025 Cross-site Scripting vulnerability in Rockwellautomation products
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface.
network
low complexity
rockwellautomation CWE-79
5.9
2023-05-11 CVE-2023-29026 Cross-site Scripting vulnerability in Rockwellautomation products
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface.
network
low complexity
rockwellautomation CWE-79
5.9