Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Rockwellautomation Subscribe
Total 192 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-6553 1 Rockwellautomation 1 Rslinx 2020-10-06 7.5 HIGH 9.8 CRITICAL
A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition.
CVE-2019-10952 1 Rockwellautomation 8 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compactlogix 5370 L1 and 5 more 2020-10-02 7.5 HIGH 9.8 CRITICAL
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 to 30.014 and earlier systems.
CVE-2019-10970 1 Rockwellautomation 2 Panelview 5510, Panelview 5510 Firmware 2020-10-01 10.0 HIGH 9.8 CRITICAL
In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system.
CVE-2018-0172 2 Cisco, Rockwellautomation 8 Ios, Ios Xe, Allen-bradley Armorstratix 5700 and 5 more 2020-09-04 7.8 HIGH 8.6 HIGH
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow condition on the affected device, which will cause the device to reload and result in a DoS condition. Cisco Bug IDs: CSCvg62730.
CVE-2018-0155 2 Cisco, Rockwellautomation 13 Catalyst 4500-x Series Switches \(k10\), Catalyst 4500 Supervisor Engine 6-e \(k5\), Catalyst 4500 Supervisor Engine 6l-e \(k10\) and 10 more 2020-09-04 7.8 HIGH 8.6 HIGH
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.
CVE-2018-19616 1 Rockwellautomation 2 Powermonitor 1000, Powermonitor 1000 Firmware 2020-08-24 6.8 MEDIUM 8.1 HIGH
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.
CVE-2019-13510 1 Rockwellautomation 1 Arena Simulation Software 2020-08-04 6.8 MEDIUM 7.8 HIGH
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code.
CVE-2020-12033 1 Rockwellautomation 1 Factorytalk Services Platform 2020-07-06 5.8 MEDIUM 8.8 HIGH
In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.
CVE-2020-12005 1 Rockwellautomation 2 Factorytalk Linx, Rslinx Classic 2020-06-24 7.8 HIGH 7.5 HIGH
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources, leading to a denial-of-service condition.
CVE-2020-12003 1 Rockwellautomation 2 Factorytalk Linx, Rslinx Classic 2020-06-24 5.0 MEDIUM 7.5 HIGH
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive.
CVE-2020-11999 1 Rockwellautomation 2 Factorytalk Linx, Rslinx Classic 2020-06-24 5.5 MEDIUM 8.1 HIGH
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data.
CVE-2020-12034 1 Rockwellautomation 5 Eds Subsystem, Rslinx, Rslinx Enterprise and 2 more 2020-05-22 4.8 MEDIUM 8.2 HIGH
Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable.The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions.
CVE-2020-6967 1 Rockwellautomation 1 Factorytalk Services Platform 2020-03-27 10.0 HIGH 9.8 CRITICAL
In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely deserialize untrusted data.
CVE-2020-6990 1 Rockwellautomation 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more 2020-03-20 10.0 HIGH 9.8 CRITICAL
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.
CVE-2020-6984 1 Rockwellautomation 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more 2020-03-20 5.0 MEDIUM 7.5 HIGH
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable.
CVE-2020-6988 1 Rockwellautomation 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more 2020-03-20 5.0 MEDIUM 7.5 HIGH
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.
CVE-2020-6980 1 Rockwellautomation 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more 2020-03-20 2.1 LOW 3.3 LOW
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.
CVE-2019-10955 1 Rockwellautomation 11 Compactlogix 5370 L1, Compactlogix 5370 L1 Firmware, Compactlogix 5370 L2 and 8 more 2020-02-10 5.8 MEDIUM 6.1 MEDIUM
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.
CVE-2013-2806 1 Rockwellautomation 1 Rslinx Enterprise 2020-02-10 7.8 HIGH 7.5 HIGH
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the service will calculate an incorrect value for the “End of Current Record” field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
CVE-2013-2805 1 Rockwellautomation 1 Rslinx Enterprise 2020-02-10 7.8 HIGH 7.5 HIGH
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599