
CVSS: 8.7 • EPSS: 0% • CPEs: 5 • EXPL: 0

CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201685.html • CWE-20: Improper Input Validation

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability exists in Rockwell Automation Emulate3D™ which could be leveraged to execute a DLL hijacking attack. The application loads shared libraries which are readable and writable by any user. If exploited, a malicious user could leverage a malicious DLL and perform a remote code execution attack. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201683.html • CWE-610: Externally Controlled Reference to a Resource in Another Sphere

CVSS: 6.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html • CWE-269: Improper Privilege Management

CVSS: 8.7 • EPSS: 0% • CPEs: 6 • EXPL: 0

A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative-level privileges. If exploited, an attacker could read sensitive data and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1681.html • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 8.7 • EPSS: 0% • CPEs: 6 • EXPL: 0

Due to improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html • CWE-20: Improper Input Validation