Vulnerabilities > Rockwellautomation > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-09 | CVE-2021-33012 | Unspecified vulnerability in Rockwellautomation Micrologix 1100 Firmware Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. | 5.0 |
| 2021-02-04 | CVE-2020-6088 | Classic Buffer Overflow vulnerability in Rockwellautomation Flex IO 1794-Aent/B Firmware 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. | 5.0 |
| 2021-01-14 | CVE-2020-27267 | Out-of-bounds Write vulnerability in multiple products KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. | 6.4 |
| 2021-01-14 | CVE-2020-27263 | Out-of-bounds Write vulnerability in multiple products KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. | 6.4 |
| 2021-01-07 | CVE-2020-13573 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Rslinx 2.57.00.14 A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. | 5.0 |
| 2020-12-29 | CVE-2020-5807 | Improper Handling of Exceptional Conditions vulnerability in Rockwellautomation Factorytalk Diagnostics 6.11 An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. | 5.0 |
| 2020-12-29 | CVE-2020-5802 | Allocation of Resources Without Limits or Throttling vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11 An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. | 5.0 |
| 2020-12-29 | CVE-2020-5801 | Improper Handling of Exceptional Conditions vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11 An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. | 5.0 |
| 2020-12-03 | CVE-2020-6111 | Unspecified vulnerability in Rockwellautomation Micrologix 1100 B Firmware An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. | 5.0 |
| 2020-11-26 | CVE-2020-27255 | Heap-based Buffer Overflow vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11 A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. | 5.0 |