Vulnerabilities
Vulnerable Software
Rockwellautomation:  Security Vulnerabilities
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-03-26
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-03-26
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product.
CVSS Score
5.3
EPSS Score
0.007
Published
2024-03-25
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it.
CVSS Score
7.5
EPSS Score
0.028
Published
2024-03-25
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it.
CVSS Score
7.5
EPSS Score
0.028
Published
2024-03-25
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover.
CVSS Score
7.5
EPSS Score
0.007
Published
2024-03-25
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.
CVSS Score
9.0
EPSS Score
0.01
Published
2024-02-16
A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.
CVSS Score
8.6
EPSS Score
0.006
Published
2024-01-31
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory.  If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.
CVSS Score
9.8
EPSS Score
0.009
Published
2024-01-31
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-11-30


Contact Us

Shodan ® - All rights reserved