CVE-2018-18981
https://notcve.org/view.php?id=CVE-2018-18981
In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services.
• http://www.securityfocus.com/bid/106279
• https://ics-cert.us-cert.gov/advisories/ICSA-18-331-02
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2018-10619 – RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-10619
An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation. Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway suffer from a privilege escalation vulnerability. Rockwell Automation RSLinx Classic versions 3.90.01, 3.73.00, 3.72.00, and 2.58.00 are susceptible. Rockwell Automation FactoryTalk Linx Gateway version 3.90.00 is susceptible.
• https://www.exploit-db.com/exploits/44892
• http://www.securityfocus.com/bid/104415
• https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01
• CWE-428: Unquoted Search Path or Element
CVE-2017-6015
https://notcve.org/view.php?id=CVE-2017-6015
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later.
• http://www.securityfocus.com/bid/96996
• https://ics-cert.us-cert.gov/advisories/ICSA-17-047-02
• https://rockwellautomation.custhelp.com/app/answers/detail/a_id/939382
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-428: Unquoted Search Path or Element
CVE-2017-14022
https://notcve.org/view.php?id=CVE-2017-14022
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets to Port 403/TCP (the history archiver service), causing the service to either stall or terminate.
• http://www.securityfocus.com/bid/102114
• https://ics-cert.us-cert.gov/advisories/ICSA-17-341-02
• CWE-20: Improper Input Validation
CVE-2016-4522
https://notcve.org/view.php?id=CVE-2016-4522
SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
• http://www.securityfocus.com/bid/92135
• https://ics-cert.us-cert.gov/advisories/ICSA-16-173-03
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')