Vulnerabilities > Rockwellautomation > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-17  CVE-2023-2915  Path Traversal vulnerability in Rockwellautomation Thinmanager Thinserver 13.1.0
  The Rockwell Automation ThinManager ThinServer is impacted by an improper input validation vulnerability. Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function.
  Attack vector: network | Attack complexity: low | Vendor: rockwellautomation | CWE-22 | Risk: critical (9.1)
2023-08-17  CVE-2023-2917  Path Traversal vulnerability in Rockwellautomation Thinmanager Thinserver 13.1.0
  The Rockwell Automation ThinManager ThinServer is impacted by an improper input validation vulnerability. Due to improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function.
  Attack vector: network | Attack complexity: low | Vendor: rockwellautomation | CWE-22 | Risk: critical (9.8)
2023-07-12  CVE-2023-3595  Out-of-bounds Write vulnerability in Rockwellautomation products
  Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages.
  Attack vector: network | Attack complexity: low | Vendor: rockwellautomation | CWE-787 | Risk: critical (9.8)
2023-07-11  CVE-2023-2746  Cross-Site Request Forgery (CSRF) vulnerability in Rockwellautomation Enhanced HIM 1.001
  The Rockwell Automation Enhanced HIM software contains an API, used by the application, that is not sufficiently protected and uses incorrect Cross-Origin Resource Sharing (CORS) settings; as a result, it is vulnerable to a Cross-Site Request Forgery (CSRF) attack.
  Attack vector: network | Attack complexity: low | Vendor: rockwellautomation | CWE-352 | Risk: critical (9.6)
2023-05-11  CVE-2023-1834  Unspecified vulnerability in Rockwellautomation Kinetix 5500 Firmware 7.13
  Rockwell Automation was made aware that Kinetix 5500 drives manufactured between May 2022 and January 2023 and running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports.
  Attack vector: network | Attack complexity: low | Vendor: rockwellautomation | Risk: critical (9.1)
2023-05-09  CVE-2023-29460  Out-of-bounds Read vulnerability in Rockwellautomation Arena Simulation 16.00.00/16.20.00
  An arbitrary code execution vulnerability in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to run unauthorized arbitrary code in the software by means of a memory buffer overflow, potentially resulting in a complete loss of confidentiality, integrity, and availability.
  Attack vector: network | Attack complexity: low | Vendor: rockwellautomation | CWE-125 | Risk: critical (9.8)
2023-05-09  CVE-2023-29461  Out-of-bounds Read vulnerability in Rockwellautomation Arena Simulation 16.00.00/16.20.00
  An arbitrary code execution vulnerability in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to run unauthorized arbitrary code in the software by means of a memory buffer overflow in the heap.
  Attack vector: network | Attack complexity: low | Vendor: rockwellautomation | CWE-125 | Risk: critical (9.8)
2023-03-29  CVE-2022-2825  Stack-based Buffer Overflow vulnerability in multiple products
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0.
  Attack vector: network | Attack complexity: low | Vendors: ptc, softwaretoolbox, rockwellautomation, ge | CWE-121 | Risk: critical (9.8)
2023-03-29  CVE-2022-2848  Heap-based Buffer Overflow vulnerability in multiple products
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0.
  Attack vector: network | Attack complexity: low | Vendors: ptc, softwaretoolbox, rockwellautomation, ge | CWE-122 | Risk: critical (9.1)
2023-03-22  CVE-2023-27855  Path Traversal vulnerability in Rockwellautomation Thinmanager
  In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer.
  Attack vector: network | Attack complexity: low | Vendor: rockwellautomation | CWE-22 | Risk: critical (9.8)