DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-27 | CVE-2019-13521 | Unspecified vulnerability in Rockwellautomation Arena: A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. | 7.8 |
2020-01-27 | CVE-2019-13519 | Type Confusion vulnerability in Rockwellautomation Arena: A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. | 7.8 |
2019-09-24 | CVE-2019-13527 | Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena: In Rockwell Automation Arena Simulation Software Cat. | 7.8 |
2019-08-15 | CVE-2019-13510 | Use After Free vulnerability in Rockwellautomation Arena: Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. | 7.8 |
2019-05-01 | CVE-2019-10954 | Unspecified vulnerability in Rockwellautomation products: An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. | 7.5 |
2019-03-27 | CVE-2018-19016 | Improper Input Validation vulnerability in Rockwellautomation products: Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. | 7.5 |
2019-03-26 | CVE-2013-2805 | Out-of-bounds Read vulnerability in Rockwellautomation Rslinx Enterprise: Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. | 7.5 |
2019-03-26 | CVE-2013-2807 | Out-of-bounds Read vulnerability in Rockwellautomation Rslinx Enterprise: Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. | 7.5 |
2019-03-26 | CVE-2013-2806 | Integer Overflow or Wraparound vulnerability in Rockwellautomation Rslinx Enterprise: Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. | 7.5 |
2019-01-24 | CVE-2018-18981 | Out-of-bounds Write vulnerability in Rockwellautomation Factorytalk Services Platform: In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services. | 7.5 |