Vulnerabilities > Rockwellautomation > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-10-28 | CVE-2015-6486 | SQL Injection vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
| 2015-05-31 | CVE-2015-1010 | Cryptographic Issues vulnerability in Rockwellautomation Rsview32 Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack. | 4.9 |
| 2015-05-17 | CVE-2014-9204 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Rslinx Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file. | 6.9 |
| 2015-03-31 | CVE-2014-9209 | Unspecified vulnerability in Rockwellautomation products Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. local rockwellautomation | 6.9 |
| 2014-02-05 | CVE-2014-0755 | Credentials Management vulnerability in Rockwellautomation Rslogix 5000 Design and Configuration Software Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors. | 6.9 |
| 2013-01-24 | CVE-2012-6441 | Information Exposure vulnerability in Rockwellautomation products Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to obtain sensitive information via a crafted CIP packet. | 5.0 |
| 2012-04-02 | CVE-2012-0222 | Buffer Errors vulnerability in Rockwellautomation Factorytalk and Rslogix 5000 The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted packet. | 5.0 |
| 2012-04-02 | CVE-2012-0221 | Improper Input Validation vulnerability in Rockwellautomation Factorytalk and Rslogix 5000 The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet. | 5.0 |
| 2011-09-16 | CVE-2011-3489 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation Rslogix RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field. | 5.0 |
| 2011-07-28 | CVE-2011-2957 | Remote Code Execution vulnerability in Rockwellautomation Factorytalk Diagnostics Viewer 2.10/2.10.01 Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer (.ftd) configuration file, which triggers memory corruption. local rockwellautomation | 6.9 |