Vulnerabilities > Rockwellautomation > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-28 CVE-2018-0172 Out-of-bounds Write vulnerability in Cisco IOS and IOS XE
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco rockwellautomation CWE-787
7.8
2018-03-28 CVE-2018-0155 Improper Handling of Exceptional Conditions vulnerability in Cisco IOS and IOS XE
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition.
network
low complexity
cisco rockwellautomation CWE-755
7.8
2018-01-09 CVE-2017-16740 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwell Automation products
A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier.
network
low complexity
rockwellautomation CWE-119
7.5
2017-06-14 CVE-2017-7914 Missing Authorization vulnerability in Rockwell Automation PanelView Plus 6 700-1500 Firmware
A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023.
network
low complexity
rockwellautomation CWE-862
7.5
2017-05-06 CVE-2017-6024 Resource Exhaustion vulnerability in Rockwell Automation products
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011.
7.1
2017-02-13 CVE-2016-9343 Out-of-bounds Write vulnerability in Rockwell Automation products
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected).
network
low complexity
rockwellautomation CWE-787
7.5
2016-08-24 CVE-2016-5645 Improper Access Control vulnerability in Rockwell Automation products
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community.
network
low complexity
rockwellautomation CWE-284
7.5
2016-07-28 CVE-2016-4531 Improper Authorization vulnerability in Rockwell Automation FactoryTalk EnergyMetrix
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
network
low complexity
rockwellautomation CWE-285
7.5
2016-07-28 CVE-2016-4522 SQL Injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix
SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
rockwellautomation CWE-89
7.5
2015-10-28 CVE-2015-6492 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwell Automation MicroLogix 1100 Firmware and MicroLogix 1400 Firmware
Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.
network
low complexity
rockwellautomation CWE-119
7.8