CVE-2023-2423 – Rockwell Automation Armor PowerFlex Vulnerable to Denial-Of-Service
https://notcve.org/view.php?id=CVE-2023-2423
A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset, creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371 • CWE-682: Incorrect Calculation
CVE-2023-2913 – Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2023-2913
An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140160 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal
CVE-2023-2263 – Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A – CIP Message Attack Could Cause Denial-Of-Service
https://notcve.org/view.php?id=CVE-2023-2263
The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. When a device is impacted by this vulnerability, new ENIP connections cannot be established, which prohibits operational capabilities of the device and results in a denial of service. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140029 • CWE-400: Uncontrolled Resource Consumption
CVE-2023-3596 – Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service
https://notcve.org/view.php?id=CVE-2023-3596
Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010 • CWE-787: Out-of-bounds Write
CVE-2023-3595 – Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-3595
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010 • CWE-787: Out-of-bounds Write