Vulnerabilities > Rockwellautomation > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-16 | CVE-2022-3157 | Unspecified vulnerability in Rockwellautomation products: A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). | 7.5 |
2022-12-16 | CVE-2022-3166 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware: Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. | 7.5 |
2022-10-27 | CVE-2022-38744 | Improper Authentication vulnerability in Rockwellautomation Factorytalk Alarms and Events: An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. | 7.5 |
2022-10-17 | CVE-2022-3158 | SQL Injection vulnerability in Rockwellautomation Factorytalk Vantagepoint: Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. | 8.8 |
2022-10-17 | CVE-2022-38743 | Unspecified vulnerability in Rockwellautomation Factorytalk Vantagepoint: Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. | 8.8 |
2022-06-02 | CVE-2022-1797 | Resource Exhaustion vulnerability in Rockwellautomation products: A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. | 7.8 |
2022-04-11 | CVE-2022-1161 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Rockwellautomation products: An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. | 7.5 |
2022-03-23 | CVE-2021-27460 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00: Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. | 7.5 |
2022-03-23 | CVE-2021-27462 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00: A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. | 7.5 |
2022-03-23 | CVE-2021-27464 | SQL Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00: The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. | 7.5 |