Vulnerabilities > Rockwellautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2021-27471 | Path Traversal vulnerability in Rockwellautomation Connected Components Workbench The parsing mechanism that processes certain file types does not provide input sanitization for file paths. | 6.8 |
| 2022-03-23 | CVE-2021-27472 | SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements. | 7.5 |
| 2022-03-23 | CVE-2021-27473 | Path Traversal vulnerability in Rockwellautomation Connected Components Workbench Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. | 6.9 |
| 2022-03-23 | CVE-2021-27474 | Unspecified vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. | 5.0 |
| 2022-03-23 | CVE-2021-27475 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Connected Components Workbench Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. | 6.8 |
| 2022-03-23 | CVE-2021-27476 | OS Command Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. | 7.5 |
| 2022-03-18 | CVE-2020-25176 | Path Traversal vulnerability in multiple products Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. | 9.3 |
| 2022-03-18 | CVE-2020-25178 | Cleartext Transmission of Sensitive Information vulnerability in multiple products ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. | 9.3 |
| 2022-03-18 | CVE-2020-25180 | Use of Hard-coded Credentials vulnerability in multiple products Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. | 4.3 |
| 2022-03-18 | CVE-2020-25182 | Uncontrolled Search Path Element vulnerability in multiple products Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. | 4.6 |