Vulnerabilities > Rockwellautomation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-45826 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Rockwellautomation Thinmanager 13.1.0/13.2.0 CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. | 8.8 |
| 2024-08-14 | CVE-2024-40619 | Improper Check for Unusual or Exceptional Conditions vulnerability in Rockwellautomation products CVE-2024-40619 IMPACT A denial-of-service vulnerability exists in the affected products. | 7.5 |
| 2024-08-14 | CVE-2024-40620 | Missing Encryption of Sensitive Data vulnerability in Rockwellautomation Pavilion8 5.20.00 CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. | 7.5 |
| 2024-08-14 | CVE-2024-7513 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk View 13.0/14.0 CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. | 8.8 |
| 2024-07-16 | CVE-2024-6089 | Unspecified vulnerability in Rockwellautomation 5015-Aenftxt Firmware 2.011 An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. | 7.5 |
| 2024-07-16 | CVE-2024-6435 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Pavilion8 A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. | 8.8 |
| 2024-06-25 | CVE-2024-5990 | Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. | 7.5 |
| 2024-06-14 | CVE-2024-37369 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk View 12.0/13.0 A privilege escalation vulnerability exists in the affected product. | 8.8 |
| 2024-06-14 | CVE-2024-37367 | Improper Authentication vulnerability in Rockwellautomation Factorytalk View 12.0/13.0 A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. | 7.5 |
| 2024-06-14 | CVE-2024-37368 | Missing Authentication for Critical Function vulnerability in Rockwellautomation Factorytalk View 11.0/12.0/13.0 A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. | 7.5 |