CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-5988 – Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5988
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37369 – Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions
https://notcve.org/view.php?id=CVE-2024-37369
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. Existe una vulnerabilidad de escalada de privilegios en el producto afectado. La vulnerabilidad permite a los usuarios con pocos privilegios editar scripts, eludir las listas de control de acceso y potencialmente obtener más acceso dentro del sistema. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1674.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-5659 – Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers
https://notcve.org/view.php?id=CVE-2024-5659
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised. Rockwell Automation fue informado de una vulnerabilidad que hace que todos los controladores afectados en la misma red produzcan una falla importante no recuperable (MNRF/Assert). Esta vulnerabilidad podría explotarse enviando paquetes anormales al puerto mDNS. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4609 – Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-4609
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. Existe una vulnerabilidad en la función FactoryTalk® View SE Datalog de Rockwell Automation que podría permitir que un actor malicioso inyecte una declaración SQL maliciosa si la base de datos SQL no tiene autenticación implementada o si se robaron credenciales legítimas. • https://www.rockwellautomation.com/en-us/support/advisory.SD1670.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21914 – Rockwell Automation - FactoryTalk® View ME on PanelView™ Plus 7 Boot Terminal lack Security Protections
https://notcve.org/view.php?id=CVE-2024-21914
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product. Existe una vulnerabilidad en el producto afectado que permite a un usuario malintencionado reiniciar el terminal Rockwell Automation PanelView™ Plus 7 de forma remota sin protecciones de seguridad. Si se explota la vulnerabilidad, podría provocar la pérdida de visión o control del producto PanelView™. • https://www.rockwellautomation.com/en-us/support/advisory.SD1663.html • CWE-400: Uncontrolled Resource Consumption •