Vulnerabilities > Rockwellautomation > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-03-23 | CVE-2021-27471 | Path Traversal vulnerability in Rockwellautomation Connected Components Workbench | The parsing mechanism that processes certain file types does not provide input sanitization for file paths. | 6.8 |
2022-03-23 | CVE-2021-27473 | Path Traversal vulnerability in Rockwellautomation Connected Components Workbench | Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. | 6.9 |
2022-03-23 | CVE-2021-27474 | Unspecified vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 | Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. | 5.0 |
2022-03-23 | CVE-2021-27475 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Connected Components Workbench | Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. | 6.8 |
2022-03-18 | CVE-2020-25180 | Use of Hard-coded Credentials vulnerability in multiple products | Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. | 4.3 |
2022-03-18 | CVE-2020-25182 | Uncontrolled Search Path Element vulnerability in multiple products | Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. | 4.6 |
2022-03-18 | CVE-2020-25184 | Insufficiently Protected Credentials vulnerability in multiple products | Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. | 5.5 |
2022-02-24 | CVE-2020-14478 | XXE vulnerability in Rockwellautomation Factorytalk Services Platform | A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. | 5.6 |
2022-02-24 | CVE-2020-14502 | Cross-site Scripting vulnerability in Rockwellautomation products | The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. | 4.3 |
2022-02-24 | CVE-2020-14504 | Improper Authentication vulnerability in Rockwellautomation products | The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. | 5.0 |