Vulnerabilities > Rockwellautomation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-11 | CVE-2023-2072 | Cross-site Scripting vulnerability in Rockwellautomation Powermonitor 1000 Firmware The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. | 8.8 |
| 2023-06-13 | CVE-2023-2637 | Use of Hard-coded Credentials vulnerability in Rockwellautomation products Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. | 8.2 |
| 2023-06-13 | CVE-2023-2778 | Resource Exhaustion vulnerability in Rockwellautomation Factorytalk Transaction Manager 13.00/13.10 A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. | 7.5 |
| 2023-05-11 | CVE-2023-2443 | Inadequate Encryption Strength vulnerability in Rockwellautomation Thinmanager Rockwell Automation ThinManager product allows the use of medium strength ciphers. | 7.5 |
| 2023-05-11 | CVE-2023-2444 | Cross-Site Request Forgery (CSRF) vulnerability in Rockwellautomation Factorytalk Vantagepoint A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. | 8.8 |
| 2023-05-11 | CVE-2023-29030 | Cross-site Scripting vulnerability in Rockwellautomation products A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. | 7.1 |
| 2023-05-11 | CVE-2023-29031 | Cross-site Scripting vulnerability in Rockwellautomation products A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. | 7.1 |
| 2023-05-09 | CVE-2023-29462 | Out-of-bounds Write vulnerability in Rockwellautomation Arena 16.00.00/16.20.01 An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. | 8.8 |
| 2023-03-22 | CVE-2023-27857 | Out-of-bounds Read vulnerability in Rockwellautomation Thinmanager In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation. | 7.5 |
| 2023-03-22 | CVE-2023-27856 | Path Traversal vulnerability in Rockwellautomation Thinmanager In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. | 7.5 |