An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory.  If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.
Max CVSS
9.8
EPSS Score
0.07%
Published
2024-01-31
Updated
2024-02-08
A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.
Max CVSS
8.6
EPSS Score
0.05%
Published
2024-01-31
Updated
2024-02-08
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.
Max CVSS
9.1
EPSS Score
0.07%
Published
2023-10-13
Updated
2023-10-20
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-09-12
Updated
2023-09-15
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability.
Max CVSS
8.8
EPSS Score
0.25%
Published
2023-05-09
Updated
2023-11-15
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability.
Max CVSS
9.8
EPSS Score
0.20%
Published
2023-05-09
Updated
2023-05-16
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability.
Max CVSS
9.8
EPSS Score
0.20%
Published
2023-05-09
Updated
2023-05-16
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
Max CVSS
7.1
EPSS Score
0.04%
Published
2023-05-11
Updated
2023-12-20
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
Max CVSS
7.1
EPSS Score
0.04%
Published
2023-05-11
Updated
2023-12-20
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
Max CVSS
7.0
EPSS Score
0.04%
Published
2023-05-11
Updated
2023-12-20
In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer.  An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-03-22
Updated
2024-01-09
In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-03-22
Updated
2023-03-24
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.
Max CVSS
9.8
EPSS Score
0.18%
Published
2023-03-22
Updated
2023-03-24
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-11-30
Updated
2023-12-06
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
Max CVSS
9.1
EPSS Score
0.07%
Published
2023-11-30
Updated
2023-12-06
Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.
Max CVSS
7.5
EPSS Score
0.04%
Published
2023-07-12
Updated
2023-07-20
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
Max CVSS
9.8
EPSS Score
0.14%
Published
2023-07-12
Updated
2023-07-25
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability.  Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed.  A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.
Max CVSS
9.8
EPSS Score
0.10%
Published
2023-08-17
Updated
2023-08-23
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition.
Max CVSS
9.1
EPSS Score
0.09%
Published
2023-08-17
Updated
2023-08-23
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-08-17
Updated
2023-08-23
189 vulnerabilities found
1 2 3 4 5 6 7 8
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!