Vulnerabilities > Rockwellautomation

DATE CVE VULNERABILITY TITLE RISK
2023-03-22 CVE-2023-27857 Out-of-bounds Read vulnerability in Rockwellautomation Thinmanager
In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer.  An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.
network
low complexity
rockwellautomation CWE-125
7.5
2023-03-22 CVE-2023-27855 Path Traversal vulnerability in Rockwellautomation Thinmanager
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer.
network
low complexity
rockwellautomation CWE-22
critical
9.8
2023-03-22 CVE-2023-27856 Path Traversal vulnerability in Rockwellautomation Thinmanager
In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer.
network
low complexity
rockwellautomation CWE-22
7.5
2023-03-17 CVE-2023-0027 Information Exposure vulnerability in Rockwellautomation Modbus TCP Server ADD on Instructions 2.00.00/2.00.03
Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request.
network
low complexity
rockwellautomation CWE-200
4.3
2023-02-23 CVE-2023-0754 The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
rockwellautomation ptc ge
critical
9.8
2023-02-23 CVE-2023-0755 The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
ptc rockwellautomation ge
critical
9.8
2022-12-27 CVE-2022-3156 Improper Authentication vulnerability in Rockwellautomation Studio 5000 Logix Emulate 20.011/33.00
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.  Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.
local
low complexity
rockwellautomation CWE-287
7.8
2022-12-19 CVE-2022-3752 Unspecified vulnerability in Rockwellautomation products
An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault.
network
low complexity
rockwellautomation
7.5
2022-12-16 CVE-2022-3157 Unspecified vulnerability in Rockwellautomation products
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
network
low complexity
rockwellautomation
7.5
2022-12-16 CVE-2022-46670 Cross-site Scripting vulnerability in Rockwellautomation products
Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution.
network
low complexity
rockwellautomation CWE-79
6.1