CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4531
https://notcve.org/view.php?id=CVE-2016-4531
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Rockwell Automation FactoryTalk EnergyMetrix en versiones anteriores a 2.20.00 no invalida credenciales sobre una acción de cierre de sesión, lo que facilita a atacantes remotos obtener acceso aprovechando una estación de servicio desatendida. • http://www.securityfocus.com/bid/92135 https://ics-cert.us-cert.gov/advisories/ICSA-16-173-03 • CWE-285: Improper Authorization •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2014-9209
https://notcve.org/view.php?id=CVE-2014-9209
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Vulnerabilidad de ruta de búsqueda no confiable en la aplicación Clean Utility en Rockwell Automation FactoryTalk Services Platform anterior a 2.71.00 y FactoryTalk View Studio 8.00.00 y anteriores permite a usuarios locales ganar privilegios a través de un DLL troyano en un directorio no especificado. • https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02 https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2012-4713
https://notcve.org/view.php?id=CVE-2012-4713
Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a negative integer value. Error de signo Integer en RNADiagnostics.dll de Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1 y CPR9-SR6 permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio o la caída del demonio RNADiagReceiver.exe) a través de los datos de UDP que especifica un valor entero negativo. • http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2012-4714
https://notcve.org/view.php?id=CVE-2012-4714
Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a large integer value. Desbordamiento de entero en RNADiagnostics.dll de Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, y CPR9-SR6 permite a atacantes remotos causar una denegación de servicio (interrupción del servicio o la caída del demonio RNADiagReceiver.exe) a través de los datos de UDP que especifica un gran valor entero. • http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2012-0222
https://notcve.org/view.php?id=CVE-2012-0222
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted packet. El servicio FactoryTalk (FT) RNADiagReceiver en Rockwell Automation Allen-Bradley FactoryTalk CPR9 hasta SR5 y RSLogix 5000 17 hasta 20 permite a atacantes remotos provocar una denegación de servicio (lectura fuera del límite) a través de un paquete manipulado. • http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937 http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •