Vulnerabilities > Rockwellautomation > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-22 | CVE-2023-27855 | Path Traversal vulnerability in Rockwellautomation Thinmanager: In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. | 9.8 |
2023-02-23 | CVE-2023-0754 | The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 |
2023-02-23 | CVE-2023-0755 | The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 |
2022-09-23 | CVE-2022-38742 | Out-of-bounds Write vulnerability in Rockwellautomation Thinmanager: Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. | 9.8 |
2022-04-11 | CVE-2022-1161 | Unspecified vulnerability in Rockwellautomation products: An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. | 9.8 |
2022-03-23 | CVE-2021-27460 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00: Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. | 9.8 |
2022-03-23 | CVE-2021-27462 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00: A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. | 9.8 |
2022-03-23 | CVE-2021-27464 | SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00: The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. | 9.8 |
2022-03-23 | CVE-2021-27466 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00: A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. | 9.8 |
2022-03-23 | CVE-2021-27468 | SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00: The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. | 9.8 |