Filtered by vendor Rockwellautomation
Subscribe
Total
296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2464 | 1 Rockwellautomation | 1 Isagraf Workbench | 2024-11-21 | N/A | 7.7 HIGH |
| Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful. | |||||
| CVE-2022-2463 | 1 Rockwellautomation | 1 Isagraf Workbench | 2024-11-21 | N/A | 6.1 MEDIUM |
| Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. | |||||
| CVE-2022-2179 | 1 Rockwellautomation | 4 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks. | |||||
| CVE-2022-1161 | 1 Rockwellautomation | 48 Compact Guardlogix 5370, Compact Guardlogix 5370 Firmware, Compact Guardlogix 5380 and 45 more | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other. | |||||
| CVE-2022-1159 | 1 Rockwellautomation | 10 Compact Guardlogix 5380, Compact Guardlogix 5380 Firmware, Compactlogix 5380 and 7 more | 2024-11-21 | 6.5 MEDIUM | 7.7 HIGH |
| Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | |||||
| CVE-2022-1118 | 1 Rockwellautomation | 3 Connected Component Workbench, Isagraf Workbench, Safety Instrumented Systems Workstation | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
| Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited | |||||
| CVE-2022-1018 | 1 Rockwellautomation | 3 Connected Components Workbench, Isagraf, Safety Instrumented Systems Workstation | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality. | |||||
| CVE-2021-33012 | 1 Rockwellautomation | 2 Micrologix 1100, Micrologix 1100 Firmware | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will cause the controller to fault whenever the controller is switched to RUN mode. | |||||
| CVE-2021-32926 | 1 Rockwellautomation | 4 Micro800, Micro800 Firmware, Micrologix 1400 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition | |||||
| CVE-2021-27476 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier. | |||||
| CVE-2021-27475 | 1 Rockwellautomation | 1 Connected Components Workbench | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
| Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited. | |||||
| CVE-2021-27474 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
| Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre. | |||||
| CVE-2021-27473 | 1 Rockwellautomation | 1 Connected Components Workbench | 2024-11-21 | 6.9 MEDIUM | 6.1 MEDIUM |
| Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive file that, when opened by Connected Components Workbench, will allow the attacker to gain the privileges of the software. If the software is running at SYSTEM level, the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. | |||||
| CVE-2021-27472 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements. | |||||
| CVE-2021-27471 | 1 Rockwellautomation | 1 Connected Components Workbench | 2024-11-21 | 6.8 MEDIUM | 7.7 HIGH |
| The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful. | |||||
| CVE-2021-27470 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | |||||
| CVE-2021-27468 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
| CVE-2021-27466 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | |||||
| CVE-2021-27464 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
| CVE-2021-27462 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | |||||