Vulnerabilities > Rockwellautomation > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-14 | CVE-2020-27265 | Out-of-bounds Write vulnerability in multiple products KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. | 7.5 |
2020-11-26 | CVE-2020-27253 | Improper Input Validation vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11 A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. | 7.8 |
2020-11-26 | CVE-2020-27251 | Heap-based Buffer Overflow vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11 A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. | 7.5 |
2020-10-19 | CVE-2020-6085 | Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. | 7.8 |
2020-10-19 | CVE-2020-6084 | Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. | 7.8 |
2020-10-14 | CVE-2020-6087 | Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent/B Firmware 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. | 7.8 |
2020-10-14 | CVE-2020-6086 | Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent/B Firmware 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. | 7.8 |
2020-06-15 | CVE-2020-12005 | Unrestricted Upload of File with Dangerous Type vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior is vulnerable. | 7.8 |
2020-06-15 | CVE-2020-12001 | Improper Input Validation vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior is vulnerable. | 7.5 |
2020-04-13 | CVE-2020-10642 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Rslinx Classic 4.11.00 In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. | 7.2 |