Vulnerabilities > Rockwellautomation > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-23 | CVE-2023-0754 | Integer Overflow or Wraparound vulnerability in multiple products: The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 |
2023-02-23 | CVE-2023-0755 | Improper Validation of Array Index vulnerability in multiple products: The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 |
2022-03-18 | CVE-2020-25176 | Path Traversal vulnerability in multiple products: Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. | 9.3 |
2022-03-18 | CVE-2020-25178 | Cleartext Transmission of Sensitive Information vulnerability in multiple products: ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. | 9.3 |
2020-03-23 | CVE-2020-6967 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Services Platform: In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCP/8082, which can insecurely deserialize untrusted data. | 10.0 |
2020-03-16 | CVE-2020-6990 | Use of Hard-coded Credentials vulnerability in Rockwellautomation products: In Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, and RSLogix 500 Software v12.001 and prior, the cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. | 10.0 |
2019-07-11 | CVE-2019-10970 | Improper Access Control vulnerability in Rockwellautomation Panelview 5510 Firmware: In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system. | 10.0 |
2019-05-01 | CVE-2019-10952 | Resource Exhaustion vulnerability in Rockwellautomation products: An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. | 9.8 |
2019-04-04 | CVE-2018-19282 | Resource Exhaustion vulnerability in Rockwellautomation Powerflex 525 AC Drives Firmware: Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. | 10.0 |
2018-04-05 | CVE-2017-14468 | Unspecified vulnerability in Rockwellautomation Micrologix 1400 B Firmware: An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. | 9.8 |