Filtered by vendor Rockwellautomation
Subscribe
Search
Total
167 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27857 | 1 Rockwellautomation | 1 Thinmanager | 2024-01-09 | N/A | 7.5 HIGH |
| In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation. | |||||
| CVE-2023-29023 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 6.1 MEDIUM |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | |||||
| CVE-2023-29024 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 6.5 MEDIUM |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | |||||
| CVE-2023-29025 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 5.9 MEDIUM |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | |||||
| CVE-2023-29031 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 7.1 HIGH |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | |||||
| CVE-2023-29030 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 7.1 HIGH |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | |||||
| CVE-2023-5908 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more | 2023-12-06 | N/A | 9.1 CRITICAL |
| KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. | |||||
| CVE-2023-5909 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more | 2023-12-06 | N/A | 7.5 HIGH |
| KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | |||||
| CVE-2023-29462 | 1 Rockwellautomation | 1 Arena Simulation | 2023-11-15 | N/A | 8.8 HIGH |
| An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. | |||||
| CVE-2023-2917 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2023-08-23 | N/A | 9.8 CRITICAL |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities. | |||||
| CVE-2023-2915 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2023-08-23 | N/A | 9.1 CRITICAL |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition. | |||||
| CVE-2023-2914 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2023-08-23 | N/A | 7.5 HIGH |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software. | |||||
| CVE-2023-2423 | 1 Rockwellautomation | 2 Armor Powerflex, Armor Powerflex Firmware | 2023-08-15 | N/A | 7.5 HIGH |
| A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations. | |||||
| CVE-2023-2913 | 1 Rockwellautomation | 1 Thinmanager | 2023-07-27 | N/A | 6.5 MEDIUM |
| An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables. | |||||
| CVE-2023-2263 | 1 Rockwellautomation | 2 Kinetix 5700, Kinetix 5700 Firmware | 2023-07-27 | N/A | 7.5 HIGH |
| The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits operational capabilities of the device resulting in a denial-of-service attack. | |||||
| CVE-2021-27474 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre. | |||||
| CVE-2020-6084 | 1 Rockwellautomation | 1 Flex I\/o 1794-aent | 2022-07-29 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less bytes than required by the Key Format Table. | |||||
| CVE-2020-6085 | 1 Rockwellautomation | 1 Flex I\/o 1794-aent | 2022-07-29 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less than 0x18 bytes following the Key Format field. | |||||
| CVE-2020-6086 | 1 Rockwellautomation | 2 Flex I\/o 1794-aent\/b, Flex I\/o 1794-aent\/b Firmware | 2022-07-29 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.If the Simple Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required. | |||||
| CVE-2020-6087 | 1 Rockwellautomation | 2 Flex I\/o 1794-aent\/b, Flex I\/o 1794-aent\/b Firmware | 2022-07-29 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability If the ANSI Extended Symbol Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required. | |||||
| CVE-2020-6083 | 1 Rockwellautomation | 2 Allen-bradley Flex Io 1794-aent\/b, Allen-bradley Flex Io 1794-aent\/b Firmware | 2022-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2022-2179 | 1 Rockwellautomation | 4 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 1 more | 2022-07-27 | N/A | 6.5 MEDIUM |
| The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks. | |||||
| CVE-2020-14504 | 1 Rockwellautomation | 4 1734-aentr Point I\/o Dual Port Network Adaptor Series B, 1734-aentr Point I\/o Dual Port Network Adaptor Series B Firmware, 1734-aentr Point I\/o Dual Port Network Adaptor Series C and 1 more | 2022-07-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings. | |||||
| CVE-2020-5802 | 1 Rockwellautomation | 1 Factorytalk Linx | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected. | |||||
| CVE-2020-13573 | 1 Rockwellautomation | 1 Rslinx | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | |||||
| CVE-2022-1118 | 1 Rockwellautomation | 3 Connected Component Workbench, Isagraf Workbench, Safety Instrumented Systems Workstation | 2022-05-26 | 6.8 MEDIUM | 7.8 HIGH |
| Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited | |||||
| CVE-2018-19615 | 1 Rockwellautomation | 2 Powermonitor 1000, Powermonitor 1000 Firmware | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted userâ??s web browser to gain access to the affected device. | |||||
| CVE-2020-6111 | 1 Rockwellautomation | 2 Micrologix 1100, Micrologix 1100 B Firmware | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2018-17924 | 1 Rockwellautomation | 32 1756-en2f Series A, 1756-en2f Series A Firmware, 1756-en2f Series B and 29 more | 2022-05-02 | 7.8 HIGH | 8.6 HIGH |
| Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address. | |||||
| CVE-2020-6088 | 1 Rockwellautomation | 2 Flex Io 1794-aent\/b, Flex Io 1794-aent\/b Firmware | 2022-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2020-12028 | 1 Rockwellautomation | 1 Factorytalk View | 2022-04-25 | 5.5 MEDIUM | 8.1 HIGH |
| In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs. | |||||
| CVE-2021-22681 | 1 Rockwellautomation | 20 Compact Guardlogix 5370, Compact Guardlogix 5380, Compactlogix 1768 and 17 more | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. | |||||
| CVE-2016-9343 | 1 Rockwellautomation | 32 1768 Compact Guardlogix L4xs Controller, 1768 Compact Guardlogix L4xs Controller Firmware, 1768 Compactlogix L4x Controller and 29 more | 2022-02-03 | 7.5 HIGH | 10.0 CRITICAL |
| An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service. | |||||
| CVE-2020-12029 | 1 Rockwellautomation | 1 Factorytalk View | 2022-01-04 | 6.8 MEDIUM | 7.8 HIGH |
| All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx. | |||||
| CVE-2020-12001 | 1 Rockwellautomation | 2 Factorytalk Linx, Rslinx Classic | 2021-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code. | |||||
| CVE-2019-13511 | 1 Rockwellautomation | 1 Arena Simulation Software | 2021-10-28 | 4.3 MEDIUM | 3.3 LOW |
| Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation. | |||||
| CVE-2019-10954 | 1 Rockwellautomation | 10 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compact Guardlogix 5370 and 7 more | 2021-10-28 | 7.8 HIGH | 7.5 HIGH |
| An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 to 30.014 and earlier. | |||||
| CVE-2020-12027 | 1 Rockwellautomation | 1 Factorytalk View | 2021-09-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs. | |||||
| CVE-2020-12031 | 1 Rockwellautomation | 1 Factorytalk View | 2021-09-23 | 4.6 MEDIUM | 7.8 HIGH |
| In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Automation recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx. | |||||
| CVE-2020-12038 | 1 Rockwellautomation | 5 Eds Subsystem, Rslinx, Rslinx Enterprise and 2 more | 2021-09-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable. A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions. | |||||
| CVE-2021-32926 | 1 Rockwellautomation | 4 Micro800, Micro800 Firmware, Micrologix 1400 and 1 more | 2021-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition | |||||
| CVE-2018-0163 | 2 Cisco, Rockwellautomation | 96 1120 Connected Grid Router, 1240 Connected Grid Router, 1905 Serial Integrated Services Router and 93 more | 2021-04-28 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701. | |||||
| CVE-2020-10642 | 1 Rockwellautomation | 1 Rslinx Classic | 2021-04-02 | 7.2 HIGH | 7.8 HIGH |
| In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. | |||||
| CVE-2021-22659 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 Firmware | 2021-03-31 | 7.5 HIGH | 8.6 HIGH |
| Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user. | |||||
| CVE-2020-14516 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2021-03-26 | 7.5 HIGH | 10.0 CRITICAL |
| In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly. | |||||
| CVE-2021-22665 | 1 Rockwellautomation | 2 Drivetools Add-on Profiles, Drivetools Sp | 2021-03-25 | 7.2 HIGH | 7.8 HIGH |
| Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system. | |||||
| CVE-2020-27265 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2021-01-21 | 7.5 HIGH | 9.8 CRITICAL |
| KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. | |||||
| CVE-2020-27267 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2021-01-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. | |||||
| CVE-2020-27263 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2021-01-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. | |||||
| CVE-2020-5806 | 1 Rockwellautomation | 1 Factorytalk Linx | 2020-12-30 | 2.1 LOW | 5.5 MEDIUM |
| An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. | |||||