CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-22681
https://notcve.org/view.php?id=CVE-2021-22681
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer versiones 21 y posteriores, y RSLogix 5000 versiones 16 hasta 20, usan una clave para verificar que los controladores Logix se estén comunicando con Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer versiones 21 y posteriores y RSLogix 5000: Versiones 16 hasta 20, son vulnerables porque un atacante no autenticado podría pasar por alto este mecanismo de comprobación y autenticarse con Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550 , 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800 • https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12033 – Rockwell Automation FactoryTalk View SE AddAgent Missing Authentication for Critical Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-12033
In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges. En Rockwell Automation FactoryTalk Services Platform, todas las versiones, el servicio de host de redundancia (RdcyHost.exe) no comprueba los identificadores suministrados, lo que podría permitir a un atacante adyacente no autenticado ejecutar objetos COM remotos con privilegios elevados This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation FactoryTalk View SE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AddAgent method. The issue results from a lack of authentication required to instantiate a COM object on the server. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.us-cert.gov/ics/advisories/icsa-20-170-04 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2020-6967 – Rockwell Automation FactoryTalk RNADiagnosticsSrv Deserialization Of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-6967
In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely deserialize untrusted data. En Rockwell Automation, todas las versiones del software FactoryTalk Diagnostics, un subsistema de la FactoryTalk Services Platform, FactoryTalk Diagnostics expone un endpoint .NET Remoting por medio del archivo RNADiagnosticsSrv.exe en TCPtcp/8082, lo cual puede deserializar de forma no segura los datos no confiables. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RNADiagnosticsSrv endpoint, which listens on TCP port 8082 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://www.us-cert.gov/ics/advisories/icsa-20-051-02 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18981
https://notcve.org/view.php?id=CVE-2018-18981
In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services. En Rockwell Automation FactoryTalk Services Platform 2.90 y anteriores, un atacante remoto no autenticado podría enviar numerosos paquetes manipulados a los puertos de servicio, lo que resulta en una corrupción de memoria que podría desembocar en una condición de denegación de servicio (DoS) parcial o completa de los servicios afectados. • http://www.securityfocus.com/bid/106279 https://ics-cert.us-cert.gov/advisories/ICSA-18-331-02 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2014-9209
https://notcve.org/view.php?id=CVE-2014-9209
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Vulnerabilidad de ruta de búsqueda no confiable en la aplicación Clean Utility en Rockwell Automation FactoryTalk Services Platform anterior a 2.71.00 y FactoryTalk View Studio 8.00.00 y anteriores permite a usuarios locales ganar privilegios a través de un DLL troyano en un directorio no especificado. • https://ics-cert.us-cert.gov/advisories/ICSA-15-062-02 https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646323 •