CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2464 – ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22
https://notcve.org/view.php?id=CVE-2022-2464
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful. Rockwell Automation ISaGRAF Workbench software versiones 6.0 hasta 6.6.9, están afectadas por una vulnerabilidad de Salto de Ruta. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2463 – ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22
https://notcve.org/view.php?id=CVE-2022-2463
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. Rockwell Automation ISaGRAF Workbench software versiones 6.0 hasta 6.6.9, están afectadas por una vulnerabilidad de Salto de Ruta. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.6EPSS: 0%CPEs: 18EXPL: 0CVE-2020-6998 – Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation
https://notcve.org/view.php?id=CVE-2020-6998
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products. El algoritmo de establecimiento de conexión encontrado en Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versiones 33 y anteriores, no administra suficientemente su flujo de control durante la ejecución, creando un bucle infinito. Esto puede permitir a un atacante enviar peticiones de paquetes CIP especialmente diseñados a un controlador, lo que puede causar condiciones de denegación de servicio en las comunicaciones con otros productos • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398 https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2179 – ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames
https://notcve.org/view.php?id=CVE-2022-2179
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks. El encabezado X-Frame-Options en Rockwell Automation MicroLogix 1100/1400 Versiones 21.007 y anteriores, no está configurado en la respuesta HTTP, lo que podría permitir ataques de clickjacking • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994 https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.6EPSS: 0%CPEs: 18EXPL: 0CVE-2022-1797 – Rockwell Automation Logix Controllers Uncontrolled Resource Consumption
https://notcve.org/view.php?id=CVE-2022-1797
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online. Un mensaje de protocolo industrial común de clase 3 malformado con una conexión en caché puede causar una condición de denegación de servicio en los controladores Logix de Rockwell Automation, lo que resulta en una falla importante no recuperable. Si el dispositivo de destino deja de estar disponible, un usuario tendría que borrar el fallo y volver a descargar el archivo de proyecto del usuario para que el dispositivo vuelva a estar en línea • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559 https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01 • CWE-400: Uncontrolled Resource Consumption •