Filtered by vendor Rockwellautomation
Subscribe
Total
336 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11157 | 1 Rockwellautomation | 1 Arena | 2025-03-13 | N/A | 7.3 HIGH |
| A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2024-7515 | 1 Rockwellautomation | 12 Compact Guardlogix 5380 Sil 2, Compact Guardlogix 5380 Sil 2 Firmware, Compact Guardlogix 5380 Sil 3 and 9 more | 2025-03-04 | N/A | 7.5 HIGH |
| CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller. | |||||
| CVE-2024-7507 | 1 Rockwellautomation | 12 Compact Guardlogix 5380 Sil 2, Compact Guardlogix 5380 Sil 2 Firmware, Compact Guardlogix 5380 Sil 3 and 9 more | 2025-03-04 | N/A | 6.5 MEDIUM |
| CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller. | |||||
| CVE-2024-3493 | 1 Rockwellautomation | 16 1756-en4tr, 1756-en4tr Firmware, Compact Guardlogix 5380 and 13 more | 2025-03-04 | N/A | 8.6 HIGH |
| A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. | |||||
| CVE-2024-5659 | 1 Rockwellautomation | 12 1756-en4, 1756-en4 Firmware, Compact Guardlogix 5380 and 9 more | 2025-03-03 | N/A | 6.5 MEDIUM |
| Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised. | |||||
| CVE-2024-7986 | 1 Rockwellautomation | 1 Thinmanager | 2025-03-03 | N/A | 7.5 HIGH |
| A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory. | |||||
| CVE-2024-37365 | 1 Rockwellautomation | 1 Factorytalk View | 2025-02-27 | N/A | 7.3 HIGH |
| A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. | |||||
| CVE-2024-8626 | 1 Rockwellautomation | 12 1756-en4tr, 1756-en4tr Firmware, Compact Guardlogix 5380 and 9 more | 2025-02-27 | N/A | 7.5 HIGH |
| Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. | |||||
| CVE-2024-2424 | 1 Rockwellautomation | 2 5015-aenftxt, 5015-aenftxt Firmware | 2025-02-25 | N/A | 7.5 HIGH |
| An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required. Additionally, a malformed PTP packet is needed to exploit this vulnerability. | |||||
| CVE-2022-2848 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 5 more | 2025-02-18 | N/A | 9.1 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486. | |||||
| CVE-2022-2825 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 5 more | 2025-02-18 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411. | |||||
| CVE-2024-37369 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. | |||||
| CVE-2024-37368 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | N/A | 7.5 HIGH |
| A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification. | |||||
| CVE-2024-2427 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2025-01-31 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover. | |||||
| CVE-2024-2426 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2025-01-31 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it. | |||||
| CVE-2024-2425 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2025-01-31 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it. | |||||
| CVE-2024-7513 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | N/A | 8.8 HIGH |
| CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions. | |||||
| CVE-2024-45824 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | N/A | 9.8 CRITICAL |
| CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue. | |||||
| CVE-2024-40620 | 1 Rockwellautomation | 1 Pavilion8 | 2025-01-31 | N/A | 7.5 HIGH |
| CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality. | |||||
| CVE-2024-40619 | 1 Rockwellautomation | 4 Controllogix 5580, Controllogix 5580 Firmware, Guardlogix 5580 and 1 more | 2025-01-31 | N/A | 7.5 HIGH |
| CVE-2024-40619 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service. | |||||