Vulnerabilities > Rockwellautomation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-26 | CVE-2024-2929 | Out-of-bounds Write vulnerability in Rockwellautomation Arena A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. | 7.8 |
| 2024-03-25 | CVE-2024-2425 | Unspecified vulnerability in Rockwellautomation Powerflex 527 AC Drives Firmware A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. | 7.5 |
| 2024-03-25 | CVE-2024-2426 | Unspecified vulnerability in Rockwellautomation Powerflex 527 AC Drives Firmware A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. | 7.5 |
| 2024-03-25 | CVE-2024-2427 | Unspecified vulnerability in Rockwellautomation Powerflex 527 AC Drives Firmware A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. | 7.5 |
| 2024-02-16 | CVE-2024-21915 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk Services Platform A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). | 8.8 |
| 2024-01-31 | CVE-2024-21916 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. | 7.5 |
| 2023-11-30 | CVE-2023-5909 | Improper Certificate Validation vulnerability in multiple products KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | 7.5 |
| 2023-10-27 | CVE-2023-27854 | Out-of-bounds Read vulnerability in Rockwellautomation Arena An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. | 7.8 |
| 2023-10-27 | CVE-2023-27858 | Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. | 7.8 |
| 2023-10-27 | CVE-2023-46289 | Improper Input Validation vulnerability in Rockwellautomation Factorytalk View Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. | 7.5 |