Vulnerabilities > Rockwellautomation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-09 | CVE-2021-33012 | Unspecified vulnerability in Rockwellautomation Micrologix 1100 Firmware Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. | 8.6 |
| 2021-06-03 | CVE-2021-32926 | Unspecified vulnerability in Rockwellautomation Micro800 Firmware and Micrologix 1400 Firmware When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. | 7.5 |
| 2021-03-25 | CVE-2021-22659 | Unspecified vulnerability in Rockwellautomation Micrologix 1400 Firmware 21.0/21.6 Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. | 8.6 |
| 2021-03-18 | CVE-2021-22665 | Unspecified vulnerability in Rockwellautomation Drivetools Add-On Profiles and Drivetools SP Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system. | 7.8 |
| 2021-02-04 | CVE-2020-6088 | Classic Buffer Overflow vulnerability in Rockwellautomation Flex IO 1794-Aent/B Firmware 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. | 7.5 |
| 2021-01-07 | CVE-2020-13573 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Rslinx 2.57.00.14 A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. | 7.5 |
| 2020-12-29 | CVE-2020-5807 | Improper Handling of Exceptional Conditions vulnerability in Rockwellautomation Factorytalk Diagnostics 6.11 An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. | 7.5 |
| 2020-12-29 | CVE-2020-5802 | Allocation of Resources Without Limits or Throttling vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11 An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. | 7.5 |
| 2020-12-29 | CVE-2020-5801 | Improper Handling of Exceptional Conditions vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11 An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. | 7.5 |
| 2020-12-03 | CVE-2020-6111 | Unspecified vulnerability in Rockwellautomation Micrologix 1100 B Firmware An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. | 7.5 |