Vulnerabilities > Rockwellautomation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-16 | CVE-2022-3166 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. | 7.5 |
| 2022-10-27 | CVE-2022-38744 | Improper Authentication vulnerability in Rockwellautomation Factorytalk Alarms and Events An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. | 7.5 |
| 2022-10-17 | CVE-2022-3158 | SQL Injection vulnerability in Rockwellautomation Factorytalk Vantagepoint Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. | 8.8 |
| 2022-10-17 | CVE-2022-38743 | Unspecified vulnerability in Rockwellautomation Factorytalk Vantagepoint Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. | 8.8 |
| 2022-08-25 | CVE-2022-2463 | Unspecified vulnerability in Rockwellautomation Isagraf Workbench 6.0/6.6.9 Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. | 7.8 |
| 2022-08-25 | CVE-2022-2464 | Unspecified vulnerability in Rockwellautomation Isagraf Workbench 6.0/6.6.9 Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. | 7.8 |
| 2022-08-25 | CVE-2022-2465 | Unspecified vulnerability in Rockwellautomation Isagraf Workbench 6.0/6.6.9 Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. | 7.8 |
| 2022-07-27 | CVE-2020-6998 | Improper Input Validation vulnerability in Rockwellautomation products The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. | 8.6 |
| 2022-06-02 | CVE-2022-1797 | Unspecified vulnerability in Rockwellautomation products A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. | 8.6 |
| 2022-05-17 | CVE-2022-1118 | Unspecified vulnerability in Rockwellautomation products Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. | 7.8 |