Vulnerabilities > Rockwellautomation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2023-27854 | Out-of-bounds Read vulnerability in Rockwellautomation Arena Simulation An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. | 7.8 |
| 2023-10-27 | CVE-2023-27858 | Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena Simulation Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. | 7.8 |
| 2023-10-27 | CVE-2023-46289 | Improper Input Validation vulnerability in Rockwellautomation Factorytalk View Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. | 7.5 |
| 2023-10-27 | CVE-2023-46290 | Improper Authentication vulnerability in Rockwellautomation Factorytalk Services Platform Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . | 8.1 |
| 2023-08-17 | CVE-2023-2914 | Integer Overflow or Wraparound vulnerability in Rockwellautomation Thinmanager Thinserver 13.1.0 The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. | 7.5 |
| 2023-08-08 | CVE-2023-2423 | Incorrect Calculation vulnerability in Rockwellautomation Armor Powerflex Firmware A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. | 7.5 |
| 2023-07-18 | CVE-2023-2263 | Resource Exhaustion vulnerability in Rockwellautomation Kinetix 5700 Firmware 13.001 The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. | 7.5 |
| 2023-07-12 | CVE-2023-3596 | Out-of-bounds Write vulnerability in Rockwellautomation products Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages. | 7.5 |
| 2023-07-11 | CVE-2023-2072 | Cross-site Scripting vulnerability in Rockwellautomation Powermonitor 1000 Firmware The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. | 8.8 |
| 2023-06-13 | CVE-2023-2637 | Use of Hard-coded Credentials vulnerability in Rockwellautomation products Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. | 8.2 |