CVE-2018-18981
https://notcve.org/view.php?id=CVE-2018-18981
In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services. • http://www.securityfocus.com/bid/106279 https://ics-cert.us-cert.gov/advisories/ICSA-18-331-02 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write
CVE-2018-19615
https://notcve.org/view.php?id=CVE-2018-19615
Rockwell Automation Allen-Bradley PowerMonitor 1000, all versions. A remote attacker could inject arbitrary code into a targeted user's web browser to gain access to the affected device. • http://packetstormsecurity.com/files/150600/Rockwell-Automation-Allen-Bradley-PowerMonitor-1000-XSS.html http://www.securityfocus.com/bid/106333 http://www.securityfocus.com/bid/108538 https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04 https://www.exploit-db.com/exploits/45928 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-17924
https://notcve.org/view.php?id=CVE-2018-17924
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules. An unauthenticated, remote threat actor could send a CIP connection request to an affected device and, upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system, as the system traffic is still attempting to communicate with the device via the overwritten IP address. • https://github.com/g0dd0ghd/CVE-2018-17924-PoC http://www.securityfocus.com/bid/106132 https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02 • CWE-306: Missing Authentication for Critical Function
CVE-2018-19616 – Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
https://notcve.org/view.php?id=CVE-2018-19616
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element. Rockwell Automation Allen-Bradley PowerMonitor 1000 suffers from an incorrect access control that can allow for authentication bypass. • https://www.exploit-db.com/exploits/45937 http://packetstormsecurity.com/files/150619/Rockwell-Automation-Allen-Bradley-PowerMonitor-1000-Authentication-Bypass.html http://www.securityfocus.com/bid/106333 http://www.securityfocus.com/bid/108538 https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04 • CWE-287: Improper Authentication
CVE-2018-14829
https://notcve.org/view.php?id=CVE-2018-14829
Rockwell Automation RSLinx Classic, versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code. • https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02 https://www.tenable.com/security/research/tra-2018-26 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow