Vulnerabilities > Rockwellautomation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-16 | CVE-2024-6435 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Pavilion8 A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. | 8.8 |
| 2024-06-25 | CVE-2024-5990 | Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. | 7.5 |
| 2024-06-14 | CVE-2024-37369 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk View 12.0/13.0 A privilege escalation vulnerability exists in the affected product. | 8.8 |
| 2024-06-14 | CVE-2024-37367 | Improper Authentication vulnerability in Rockwellautomation Factorytalk View 12.0/13.0 A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. | 7.5 |
| 2024-06-14 | CVE-2024-37368 | Missing Authentication for Critical Function vulnerability in Rockwellautomation Factorytalk View 11.0/12.0/13.0 A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. | 7.5 |
| 2024-04-15 | CVE-2024-2424 | Unspecified vulnerability in Rockwellautomation 5015-Aenftxt Firmware 2.011 An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. | 7.5 |
| 2024-04-15 | CVE-2024-3493 | Unspecified vulnerability in Rockwellautomation products A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. | 7.5 |
| 2024-03-26 | CVE-2024-21912 | Out-of-bounds Write vulnerability in Rockwellautomation Arena An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. | 7.8 |
| 2024-03-26 | CVE-2024-21913 | Out-of-bounds Write vulnerability in Rockwellautomation Arena A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. | 7.8 |
| 2024-03-26 | CVE-2024-21918 | Use After Free vulnerability in Rockwellautomation Arena A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. | 7.8 |