
CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability, a legitimate user must open a malicious DFT file. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD17011.html • CWE-1284: Improper Validation of Specified Quantity in Input

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low-privileged threat actor to replace certain files during update and exists due to a failure to perform proper security checks before installation. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1710.html • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

A Remote Code Execution vulnerability exists in the affected product. The vulnerability requires a high level of permissions and exists due to improper input validation resulting in the possibility of a malicious Updated Agent being deployed. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1710.html • CWE-20: Improper Input Validation

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory, allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1709.html • CWE-20: Improper Input Validation

CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

CVE-2024-10387: A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html • CWE-125: Out-of-bounds Read