Vulnerabilities > Rockwellautomation > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-05-11 | CVE-2023-29026 | Cross-site Scripting vulnerability in Rockwell Automation products | A cross-site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. | 5.9 |
2023-05-11 | CVE-2023-29027 | Cross-site Scripting vulnerability in Rockwell Automation products | A cross-site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. | 5.9 |
2023-05-11 | CVE-2023-29028 | Cross-site Scripting vulnerability in Rockwell Automation products | A cross-site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. | 5.9 |
2023-05-11 | CVE-2023-29029 | Cross-site Scripting vulnerability in Rockwell Automation products | A cross-site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. | 5.9 |
2023-03-17 | CVE-2023-0027 | Information Exposure vulnerability in Rockwell Automation Modbus TCP Server Add-On Instructions 2.00.00/2.00.03 | Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. | 4.3 |
2022-12-16 | CVE-2022-46670 | Cross-site Scripting vulnerability in Rockwell Automation products | Rockwell Automation was made aware by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. | 6.1 |
2022-05-17 | CVE-2022-1118 | Deserialization of Untrusted Data vulnerability in Rockwell Automation products | Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 through v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. | 6.8 |
2022-04-01 | CVE-2021-32960 | Incorrect Authorization vulnerability in Rockwell Automation FactoryTalk Services Platform | Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed, contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. | 6.0 |
2022-04-01 | CVE-2022-1018 | XXE vulnerability in Rockwell Automation products | When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. | 4.3 |
2022-04-01 | CVE-2022-1159 | Code Injection vulnerability in Rockwell Automation products | Rockwell Automation Studio 5000 Logix Designer (all versions) is vulnerable: an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | 6.5 |