Vulnerabilities > Rockwellautomation > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-25 | CVE-2024-10386 | Unspecified vulnerability in Rockwellautomation Thinmanager CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. | 9.8 |
| 2024-09-12 | CVE-2024-7960 | Unspecified vulnerability in Rockwellautomation Pavilion8 5.20 The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. | 9.1 |
| 2024-09-12 | CVE-2024-7961 | Path Traversal vulnerability in Rockwellautomation Pavilion8 5.20 A path traversal vulnerability exists in the Rockwell Automation affected product. | 9.8 |
| 2024-09-12 | CVE-2024-45823 | Unspecified vulnerability in Rockwellautomation Factorytalk Batch View 2.01.00 CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. | 9.8 |
| 2024-09-12 | CVE-2024-45824 | Command Injection vulnerability in Rockwellautomation Factorytalk View 12.0/13.0 CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. | 9.8 |
| 2024-06-25 | CVE-2024-5988 | Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | 9.8 |
| 2024-06-25 | CVE-2024-5989 | Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | 9.8 |
| 2024-05-16 | CVE-2024-4609 | SQL Injection vulnerability in Rockwellautomation Factorytalk View 10.0 A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. | 9.8 |
| 2024-01-31 | CVE-2024-21917 | Improper Verification of Cryptographic Signature vulnerability in Rockwellautomation Factorytalk Services Platform A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. | 9.1 |
| 2023-11-30 | CVE-2023-5908 | Classic Buffer Overflow vulnerability in multiple products KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. | 9.1 |