CVSS: 10.0EPSS: 0%CPEs: 48EXPL: 0CVE-2022-1161 – ICSA-22-090-05 Rockwell Automation Logix Controllers
https://notcve.org/view.php?id=CVE-2022-1161
11 Apr 2022 — An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other. Un atacante con la capacidad de modificar un programa de usuario puede cambiar el código del programa de usuario en algunos sistemas ControlLogix, CompactLogix y GuardLogix Control. Studio 5... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-22681
https://notcve.org/view.php?id=CVE-2021-22681
03 Mar 2021 — Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an un... • https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03 • CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 0%CPEs: 101EXPL: 0CVE-2016-9343
https://notcve.org/view.php?id=CVE-2016-9343
13 Feb 2017 — An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service. Ha sido descubierto un problema en Rockwell Automation Logix5000 Programmable Automation Contro... • http://www.securityfocus.com/bid/95304 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 32%CPEs: 18EXPL: 0CVE-2012-6435
https://notcve.org/view.php?id=CVE-2012-6435
24 Jan 2013 — Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 ... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 13%CPEs: 18EXPL: 0CVE-2012-6436
https://notcve.org/view.php?id=CVE-2012-6436
24 Jan 2013 — Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; a... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 18EXPL: 0CVE-2012-6437
https://notcve.org/view.php?id=CVE-2012-6437
24 Jan 2013 — Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 ... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 21%CPEs: 18EXPL: 0CVE-2012-6438
https://notcve.org/view.php?id=CVE-2012-6438
24 Jan 2013 — Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; a... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.5EPSS: 1%CPEs: 18EXPL: 0CVE-2012-6439
https://notcve.org/view.php?id=CVE-2012-6439
24 Jan 2013 — Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 ... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2012-6440
https://notcve.org/view.php?id=CVE-2012-6440
24 Jan 2013 — The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; Gua... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 19%CPEs: 18EXPL: 0CVE-2012-6441
https://notcve.org/view.php?id=CVE-2012-6441
24 Jan 2013 — Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 ... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •