Vulnerabilities > Rockwellautomation > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-18 | CVE-2020-25184 | Insufficiently Protected Credentials vulnerability in multiple products. Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. | 5.5 |
2022-02-24 | CVE-2020-14480 | Cleartext Storage of Sensitive Information vulnerability in Rockwellautomation Factorytalk View 10.0. Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials. | 5.5 |
2022-02-24 | CVE-2020-14502 | Cross-site Scripting vulnerability in Rockwellautomation products. The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. | 6.1 |
2022-02-24 | CVE-2020-14504 | Improper Authentication vulnerability in Rockwellautomation products. The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. | 5.3 |
2020-12-29 | CVE-2020-5806 | Allocation of Resources Without Limits or Throttling vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11. An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. | 5.5 |
2020-07-20 | CVE-2020-12027 | Unspecified vulnerability in Rockwellautomation Factorytalk View. All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. | 4.3 |
2020-05-19 | CVE-2020-12038 | Out-of-bounds Write vulnerability in Rockwellautomation products. Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable. | 5.5 |
2019-04-25 | CVE-2019-10955 | Open Redirect vulnerability in Rockwellautomation products. In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine. | 6.1 |
2018-12-26 | CVE-2018-19615 | Cross-site Scripting vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb. Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. | 6.1 |
2018-05-14 | CVE-2018-8843 | Use After Free vulnerability in Rockwellautomation Arena. Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data. | 5.5 |