Vulnerabilities > Rockwellautomation > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-26 CVE-2018-19615 Cross-site Scripting vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb
Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions.
network
low complexity
rockwellautomation CWE-79
6.1
2018-05-14 CVE-2018-8843 Use After Free vulnerability in Rockwellautomation Arena
Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data..
local
low complexity
rockwellautomation CWE-416
5.5
2018-04-05 CVE-2017-12093 Resource Exhaustion vulnerability in Rockwellautomation Micrologix 1400 B Firmware
An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before.
network
low complexity
rockwellautomation CWE-400
5.3
2017-05-06 CVE-2017-6024 Resource Exhaustion vulnerability in Rockwellautomation products
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011.
network
high complexity
rockwellautomation CWE-400
5.9
2016-04-06 CVE-2016-2277 Improper Access Control vulnerability in Rockwellautomation Integrated Architecture Builder 9.6.0.7/9.7.0.0/9.7.0.1
IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.
local
high complexity
rockwellautomation CWE-284
6.3
2016-03-02 CVE-2016-2279 Cross-site Scripting vulnerability in Rockwellautomation products
Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
rockwellautomation CWE-79
6.1