CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2285 – Local Code Execution Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2025-2285
08 Apr 2025 — A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html • CWE-457: Use of Uninitialized Variable •
CVSS: 9.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1449 – Admin Shell Access Vulnerability in Rockwell Automation Verve Asset Manager
https://notcve.org/view.php?id=CVE-2025-1449
31 Mar 2025 — A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allow a threat actor with administrative access to run arbitrary commands in the context of the container running the service. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1723.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24482 – FactoryTalk® View Site Edition - Local Code Injection
https://notcve.org/view.php?id=CVE-2025-24482
28 Jan 2025 — A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1720.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24481 – FactoryTalk® View Site Edition - Incorrect Permission Assignment
https://notcve.org/view.php?id=CVE-2025-24481
28 Jan 2025 — An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1720.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24480 – FactoryTalk® View Machine Editon - Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-24480
28 Jan 2025 — A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to lack of input sanitation and could allow a remote attacker to run commands or code as a high privileged user. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1719.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24479 – FactoryTalk® View Machine Edition - Local Code Injection
https://notcve.org/view.php?id=CVE-2025-24479
28 Jan 2025 — A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privileged user. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1719.html • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-24478 – 5380/5580 Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-24478
28 Jan 2025 — A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1718.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0631 – PowerFlex® 755 Credential Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0631
28 Jan 2025 — A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1717.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0659 – Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix™ Private Cloud
https://notcve.org/view.php?id=CVE-2025-0659
28 Jan 2025 — A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character sequence in the body of the vulnerable endpoint, it is possible to overwrite files outside of the intended directory. A threat actor with admin privileges could leverage this vulnerability to overwrite reports including user projects. A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character seq... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1715.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12672 – Rockwell Automation Third Party Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2024-12672
19 Dec 2024 — A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated ... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-787: Out-of-bounds Write •