Vulnerabilities > Rockwellautomation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-20 | CVE-2022-2179 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware: The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks. | 6.5 |
2022-06-02 | CVE-2022-1797 | Resource Exhaustion vulnerability in Rockwellautomation products: A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. | 8.6 |
2022-05-17 | CVE-2022-1118 | Deserialization of Untrusted Data vulnerability in Rockwellautomation products: Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 through v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. | 7.8 |
2022-04-11 | CVE-2022-1161 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Rockwellautomation products: An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. | 9.8 |
2022-04-01 | CVE-2021-32960 | Incorrect Authorization vulnerability in Rockwellautomation Factorytalk Services Platform: Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed, contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. | 8.8 |
2022-04-01 | CVE-2022-1018 | XXE vulnerability in Rockwellautomation products: When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. | 5.5 |
2022-04-01 | CVE-2022-1159 | Code Injection vulnerability in Rockwellautomation products: Rockwell Automation Studio 5000 Logix Designer (all versions) is vulnerable: an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | 7.2 |
2022-03-23 | CVE-2021-27460 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00: Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. | 9.8 |
2022-03-23 | CVE-2021-27462 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00: A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. | 9.8 |
2022-03-23 | CVE-2021-27464 | SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00: The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. | 9.8 |