
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

13 Aug 2024 — A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080-L50E/2080-L70E). If exploited, the CIP/Modbus communication may be disrupted for a short duration. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1684.html • CWE-400: Uncontrolled Resource Consumption

CVSS: 8.7 | EPSS: 0% | CPEs: 2 | EXPL: 0

16 Jul 2024 — An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html • CWE-20: Improper Input Validation

CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

16 Jul 2024 — An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate r... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html • CWE-269: Improper Privilege Management

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

14 Jun 2024 — A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1676.html • CWE-287: Improper Authentication

CVSS: 8.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

14 Jun 2024 — A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1675.html • CWE-287: Improper Authentication

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Apr 2024 — An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required. Additionally, a malformed PTP packet is needed to exploit this vulnerability. • https://www.rockwellautomation.com/en-us/support/advisory.SD1667.html • CWE-20: Improper Input Validation

CVSS: 8.6 | EPSS: 0% | CPEs: 3 | EXPL: 0

15 Apr 2024 — A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) in Rockwell Automation's ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. • https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html • CWE-20: Improper Input Validation

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

26 Mar 2024 — A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by corrupting memory, triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. • https://github.com/Lavender-exe/CVE-2024-29296-PoC • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Mar 2024 — A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-125: Out-of-bounds Read

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Mar 2024 — An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-824: Access of Uninitialized Pointer