Vulnerabilities > Rockwellautomation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-14 | CVE-2024-37367 | Improper Authentication vulnerability in Rockwellautomation Factorytalk View 12.0/13.0 A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. | 7.5 |
| 2024-03-26 | CVE-2024-21912 | Out-of-bounds Write vulnerability in Rockwellautomation Arena An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. | 7.8 |
| 2024-03-26 | CVE-2024-21913 | Out-of-bounds Write vulnerability in Rockwellautomation Arena A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. | 7.8 |
| 2024-03-26 | CVE-2024-21918 | Use After Free vulnerability in Rockwellautomation Arena A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. | 7.8 |
| 2024-03-26 | CVE-2024-21919 | Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. | 7.8 |
| 2024-03-26 | CVE-2024-21920 | Out-of-bounds Read vulnerability in Rockwellautomation Arena A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. | 7.1 |
| 2024-03-26 | CVE-2024-2929 | Out-of-bounds Write vulnerability in Rockwellautomation Arena A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. | 7.8 |
| 2024-02-16 | CVE-2024-21915 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk Services Platform A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). | 8.8 |
| 2024-01-31 | CVE-2024-21916 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. | 7.5 |
| 2023-11-30 | CVE-2023-5909 | Improper Certificate Validation vulnerability in multiple products KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | 7.5 |