CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10386 – Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2024-10386
CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-7847 – RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script
https://notcve.org/view.php?id=CVE-2024-7847
VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. Connected devices may also be impacted by exploitation of this vulnerability. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9412 – Improper Authorization Vulnerability in Rockwell Automation Verve® Asset Manager
https://notcve.org/view.php?id=CVE-2024-9412
An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201704.html • CWE-842: Placement of User into Incorrect Group •
CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8626 – Logix Controllers Vulnerable to Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-8626
Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9124 – Rockwell Automation PowerFlex 6000T CIP Security denial-of-service Vulnerability
https://notcve.org/view.php?id=CVE-2024-9124
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1705.html • CWE-754: Improper Check for Unusual or Exceptional Conditions •