HOMEVULNERABILITIESVENDORSRockwellautomation

RockwellautomationCVEs & Vulnerabilities

340 CVEs affecting Rockwellautomation products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

arena 49rslinx enterprise 35micrologix 1400 28factorytalk linx 23thinmanager 23micrologix 1400 b firmware 22factorytalk view 20controllogix 5580 firmware 18
CVE-2024-12130HIGH

An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.

5 Dec 2024
7.8
CVSS
CVE-2024-11158MEDIUM

An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.

5 Dec 2024
6.7
CVSS
CVE-2024-11156HIGH

An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.

5 Dec 2024
7.8
CVSS
CVE-2024-11155HIGH

A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.

5 Dec 2024
7.8
CVSS
CVE-2024-37365HIGH

A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code.

12 Nov 2024
7.8
CVSS
CVE-2024-10387HIGH

CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.

25 Oct 2024
7.5
CVSS
CVE-2024-10386CRITICAL

CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.

25 Oct 2024
9.8
CVSS
CVE-2024-6207HIGH

CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running.

15 Oct 2024
7.5
CVSS
CVE-2024-7847HIGH

VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. Connected devices may also be impacted by exploitation of this vulnerability.

14 Oct 2024
7.8
CVSS
CVE-2024-9124HIGH

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.

8 Oct 2024
7.5
CVSS
CVE-2024-8626HIGH

Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.

8 Oct 2024
7.5
CVSS
CVE-2024-6436MEDIUM

An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences, however the equipment sequence would continue to execute uninterrupted.

27 Sep 2024
6.5
CVSS
CVE-2024-7961CRITICAL

A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.

13 Sep 2024
9.8
CVSS
CVE-2024-7960CRITICAL

The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.

13 Sep 2024
9.1
CVSS
CVE-2024-8533HIGH

A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.

12 Sep 2024
8.8
CVSS
CVE-2024-6077HIGH

A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.

12 Sep 2024
7.5
CVSS
CVE-2024-45826HIGH

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.

12 Sep 2024
8.8
CVSS
CVE-2024-45825HIGH

CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.

12 Sep 2024
7.5
CVSS
CVE-2024-45823CRITICAL

CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.

12 Sep 2024
9.8
CVSS
CVE-2024-45824CRITICAL

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.

12 Sep 2024
9.8
CVSS
CVE-2024-7988CRITICAL

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten.

26 Aug 2024
9.8
CVSS
CVE-2024-7987HIGH

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to upload arbitrary files.

26 Aug 2024
7.8
CVSS
CVE-2024-7986HIGH

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.

23 Aug 2024
7.5
CVSS
CVE-2024-7515HIGH

CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller.

14 Aug 2024
7.5
CVSS
CVE-2024-7513HIGH

CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.

14 Aug 2024
8.8
CVSS
CVE-2024-7507MEDIUM

CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller.

14 Aug 2024
6.5
CVSS
CVE-2024-40620HIGH

CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality.

14 Aug 2024
7.5
CVSS
CVE-2024-40619HIGH

CVE-2024-40619 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.

14 Aug 2024
7.5
CVSS
CVE-2024-6326MEDIUM

An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network.

16 Jul 2024
5.5
CVSS
CVE-2024-6325MEDIUM

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html

16 Jul 2024
6.5
CVSS
CVE-2024-6089HIGH

An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product.

16 Jul 2024
7.5
CVSS
CVE-2024-6435HIGH

A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section.

16 Jul 2024
8.8
CVSS
CVE-2024-5990HIGH

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.

25 Jun 2024
7.5
CVSS
CVE-2024-5989CRITICAL

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.

25 Jun 2024
9.8
CVSS
CVE-2024-5988CRITICAL

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.

25 Jun 2024
9.8
CVSS
CVE-2024-5659MEDIUM

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.

14 Jun 2024
6.5
CVSS
CVE-2024-37369HIGH

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.

14 Jun 2024
8.8
CVSS
CVE-2024-37368HIGH

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.

14 Jun 2024
7.5
CVSS
CVE-2024-37367HIGH

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification.

14 Jun 2024
7.5
CVSS
CVE-2024-4609CRITICAL

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.

16 May 2024
9.8
CVSS
CVE-2024-3493HIGH

A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.

16 Apr 2024
7.5
CVSS
CVE-2024-2424HIGH

An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required. Additionally, a malformed PTP packet is needed to exploit this vulnerability.

16 Apr 2024
7.5
CVSS
CVE-2024-2929HIGH

A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.

26 Mar 2024
7.8
CVSS
CVE-2024-21920HIGH

A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.

26 Mar 2024
7.1
CVSS
CVE-2024-21919HIGH

An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.

26 Mar 2024
7.8
CVSS
CVE-2024-21918HIGH

A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.

26 Mar 2024
7.8
CVSS
CVE-2024-21913HIGH

A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.

26 Mar 2024
7.8
CVSS
CVE-2024-21912HIGH

An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.

26 Mar 2024
7.8
CVSS
Rockwellautomation CVEs & Vulnerabilities — 340 Tracked — Page 2