Vulnerabilities > Rockwellautomation > High

DATE CVE VULNERABILITY TITLE RISK
2024-03-26 CVE-2024-21920 Out-of-bounds Read vulnerability in Rockwellautomation Arena
A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries.
local
low complexity
rockwellautomation CWE-125
7.1
2024-03-26 CVE-2024-2929 Out-of-bounds Write vulnerability in Rockwellautomation Arena
A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation.
local
low complexity
rockwellautomation CWE-787
7.8
2024-03-25 CVE-2024-2425 Unspecified vulnerability in Rockwellautomation Powerflex 527 AC Drives Firmware
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device.
network
low complexity
rockwellautomation
7.5
2024-03-25 CVE-2024-2426 Unspecified vulnerability in Rockwellautomation Powerflex 527 AC Drives Firmware
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device.
network
low complexity
rockwellautomation
7.5
2024-03-25 CVE-2024-2427 Unspecified vulnerability in Rockwellautomation Powerflex 527 AC Drives Firmware
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device.
network
low complexity
rockwellautomation
7.5
2024-02-16 CVE-2024-21915 Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk Services Platform
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP).
network
low complexity
rockwellautomation CWE-732
8.8
2024-01-31 CVE-2024-21916 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products
A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers.
network
low complexity
rockwellautomation CWE-119
7.5
2023-11-30 CVE-2023-5909 Improper Certificate Validation vulnerability in multiple products
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
7.5
2023-10-27 CVE-2023-27854 Out-of-bounds Read vulnerability in Rockwellautomation Arena
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow.
local
low complexity
rockwellautomation CWE-125
7.8
2023-10-27 CVE-2023-27858 Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application.
local
low complexity
rockwellautomation CWE-824
7.8