Vulnerabilities > Rockwellautomation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-26 | CVE-2024-21919 | Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. | 7.8 |
| 2024-03-26 | CVE-2024-21920 | Out-of-bounds Read vulnerability in Rockwellautomation Arena A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. | 7.1 |
| 2024-03-26 | CVE-2024-2929 | Out-of-bounds Write vulnerability in Rockwellautomation Arena A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. | 7.8 |
| 2024-03-25 | CVE-2024-2425 | Unspecified vulnerability in Rockwellautomation Powerflex 527 AC Drives Firmware A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. | 7.5 |
| 2024-03-25 | CVE-2024-2426 | Unspecified vulnerability in Rockwellautomation Powerflex 527 AC Drives Firmware A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. | 7.5 |
| 2024-03-25 | CVE-2024-2427 | Unspecified vulnerability in Rockwellautomation Powerflex 527 AC Drives Firmware A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. | 7.5 |
| 2024-02-16 | CVE-2024-21915 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk Services Platform A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). | 8.8 |
| 2024-01-31 | CVE-2024-21916 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. | 7.5 |
| 2023-11-30 | CVE-2023-5909 | Improper Certificate Validation vulnerability in multiple products KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | 7.5 |
| 2023-10-27 | CVE-2023-27854 | Out-of-bounds Read vulnerability in Rockwellautomation Arena An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. | 7.8 |