CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-10952 – Rockwell Automation CompactLogix 5370 Uncontrolled Resource Consumption
https://notcve.org/view.php?id=CVE-2019-10952
01 May 2019 — An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. Un atacante podría enviar una petición HTTP/HTTPS creada para hacer que el servidor web no esté disponible y/o provocar una ejecuc... • http://www.securityfocus.com/bid/108118 • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-10954 – Rockwell Automation CompactLogix 5370 Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-10954
01 May 2019 — An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. Un atacante podría enviar paquetes SMTP creados para causar una condición de denegación de servicio en la que el controlador entra en un estado de fallo superior no recuperable (MNRF) en los con... • http://www.securityfocus.com/bid/108118 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 2%CPEs: 11EXPL: 0CVE-2019-10955
https://notcve.org/view.php?id=CVE-2019-10955
25 Apr 2019 — In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that coul... • https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-6024
https://notcve.org/view.php?id=CVE-2017-6024
06 May 2017 — A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller. Se ha descubierto un problema de agotamiento de recursos en Rockwell Automation ControlLogix 5580 en los controlad... • http://www.securityfocus.com/bid/98309 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 101EXPL: 0CVE-2016-9343
https://notcve.org/view.php?id=CVE-2016-9343
13 Feb 2017 — An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service. Ha sido descubierto un problema en Rockwell Automation Logix5000 Programmable Automation Contro... • http://www.securityfocus.com/bid/95304 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 3%CPEs: 46EXPL: 2CVE-2016-2279 – Rockwell Scada System 27.011 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-2279
02 Mar 2016 — Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el servidor web en Rockwell Automation Allen-Bradley CompactLogix 1769-L* en versiones anteriores a 28.011+ permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. Rockwell Scada System version 27.011 ... • https://packetstorm.news/files/id/147657 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 32%CPEs: 18EXPL: 0CVE-2012-6435
https://notcve.org/view.php?id=CVE-2012-6435
24 Jan 2013 — Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 ... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 13%CPEs: 18EXPL: 0CVE-2012-6436
https://notcve.org/view.php?id=CVE-2012-6436
24 Jan 2013 — Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; a... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 18EXPL: 0CVE-2012-6437
https://notcve.org/view.php?id=CVE-2012-6437
24 Jan 2013 — Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 ... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 21%CPEs: 18EXPL: 0CVE-2012-6438
https://notcve.org/view.php?id=CVE-2012-6438
24 Jan 2013 — Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; a... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •