Vulnerabilities > Rockwellautomation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-05 | CVE-2024-11156 | Out-of-bounds Write vulnerability in Rockwellautomation Arena An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. | 7.8 |
| 2024-12-05 | CVE-2024-12130 | Out-of-bounds Read vulnerability in Rockwellautomation Arena An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. | 7.8 |
| 2024-10-25 | CVE-2024-10387 | Unspecified vulnerability in Rockwellautomation Thinmanager CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. | 7.5 |
| 2024-10-14 | CVE-2024-6207 | Unspecified vulnerability in Rockwellautomation products CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. | 7.5 |
| 2024-09-12 | CVE-2024-6077 | Unspecified vulnerability in Rockwellautomation products A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. | 7.5 |
| 2024-09-12 | CVE-2024-8533 | Incorrect Default Permissions vulnerability in Rockwellautomation products A privilege escalation vulnerability exists in the Rockwell Automation affected products. | 8.8 |
| 2024-09-12 | CVE-2024-45825 | Unspecified vulnerability in Rockwellautomation 5015-U8Ihft Firmware 1.011/1.012 CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. | 7.5 |
| 2024-09-12 | CVE-2024-45826 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Rockwellautomation Thinmanager 13.1.0/13.2.0 CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. | 8.8 |
| 2024-07-16 | CVE-2024-6089 | Unspecified vulnerability in Rockwellautomation 5015-Aenftxt Firmware 2.011 An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. | 7.5 |
| 2024-06-25 | CVE-2024-5990 | Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. | 7.5 |