Vulnerabilities > Rockwellautomation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-13 | CVE-2023-2778 | Resource Exhaustion vulnerability in Rockwellautomation Factorytalk Transaction Manager A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. | 7.5 |
| 2023-05-11 | CVE-2023-2443 | Inadequate Encryption Strength vulnerability in Rockwellautomation Thinmanager Rockwell Automation ThinManager product allows the use of medium strength ciphers. | 7.5 |
| 2023-05-11 | CVE-2023-2444 | Cross-Site Request Forgery (CSRF) vulnerability in Rockwellautomation Factorytalk Vantagepoint A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. | 8.8 |
| 2023-05-11 | CVE-2023-29030 | Cross-site Scripting vulnerability in Rockwellautomation products A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. | 7.1 |
| 2023-05-11 | CVE-2023-29031 | Cross-site Scripting vulnerability in Rockwellautomation products A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. | 7.1 |
| 2023-05-09 | CVE-2023-29462 | Out-of-bounds Write vulnerability in Rockwellautomation Arena Simulation 16.00.00/16.20.01 An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. | 8.8 |
| 2023-03-22 | CVE-2023-27857 | Out-of-bounds Read vulnerability in Rockwellautomation Thinmanager In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation. | 7.5 |
| 2023-03-22 | CVE-2023-27856 | Path Traversal vulnerability in Rockwellautomation Thinmanager In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. | 7.5 |
| 2022-12-27 | CVE-2022-3156 | Improper Authentication vulnerability in Rockwellautomation Studio 5000 Logix Emulate 20.011/33.00 A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software. | 7.8 |
| 2022-12-19 | CVE-2022-3752 | Unspecified vulnerability in Rockwellautomation products An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. | 7.5 |