Vulnerabilities > Rockwellautomation > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-16 CVE-2024-6435 Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Pavilion8
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges.
network
low complexity
rockwellautomation CWE-732
8.8
2024-06-25 CVE-2024-5990 Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.
network
low complexity
rockwellautomation
7.5
2024-06-14 CVE-2024-37369 Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk View 12.0/13.0
A privilege escalation vulnerability exists in the affected product.
network
low complexity
rockwellautomation CWE-732
8.8
2024-06-14 CVE-2024-37367 Improper Authentication vulnerability in Rockwellautomation Factorytalk View 12.0/13.0
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12.
network
low complexity
rockwellautomation CWE-287
7.5
2024-06-14 CVE-2024-37368 Missing Authentication for Critical Function vulnerability in Rockwellautomation Factorytalk View 11.0/12.0/13.0
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE.
network
low complexity
rockwellautomation CWE-306
7.5
2024-04-15 CVE-2024-2424 Unspecified vulnerability in Rockwellautomation 5015-Aenftxt Firmware 2.011
An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered.
network
low complexity
rockwellautomation
7.5
2024-04-15 CVE-2024-3493 Unspecified vulnerability in Rockwellautomation products
A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR.
network
low complexity
rockwellautomation
7.5
2024-03-26 CVE-2024-21912 Out-of-bounds Write vulnerability in Rockwellautomation Arena
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software.
local
low complexity
rockwellautomation CWE-787
7.8
2024-03-26 CVE-2024-21913 Out-of-bounds Write vulnerability in Rockwellautomation Arena
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation.
local
low complexity
rockwellautomation CWE-787
7.8
2024-03-26 CVE-2024-21918 Use After Free vulnerability in Rockwellautomation Arena
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation.
local
low complexity
rockwellautomation CWE-416
7.8