CVSS: 10.0EPSS: 0%CPEs: 66EXPL: 0CVE-2023-2262 – Rockwell Automation Select Logix Communication Modules Vulnerable to Email Object Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-2262
20 Sep 2023 — A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device. Existe una vulnerabilidad de Desbordamiento del Búfer en determinados dispositivos de comunicación 1756-EN* de Rockwell Automation. Si se explota, un actor de amenazas podría aprovechar ... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140786 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2023-3595 – Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-3595
12 Jul 2023 — Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010 • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 32EXPL: 1CVE-2018-17924
https://notcve.org/view.php?id=CVE-2018-17924
07 Dec 2018 — Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempt... • https://github.com/g0dd0ghd/CVE-2018-17924-PoC • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 2CVE-2016-2279 – Rockwell Scada System 27.011 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-2279
02 Mar 2016 — Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el servidor web en Rockwell Automation Allen-Bradley CompactLogix 1769-L* en versiones anteriores a 28.011+ permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. Rockwell Scada System version 27.011 ... • https://packetstorm.news/files/id/147657 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •