
CVSS: 9.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

Due to improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html • CWE-20: Improper Input Validation

CVSS: 9.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

Due to improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html • CWE-20: Improper Input Validation

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1674.html • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 8.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to enter a major nonrecoverable fault (MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html • CWE-670: Always-Incorrect Control Flow Implementation

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. • https://www.rockwellautomation.com/en-us/support/advisory.SD1670.html • CWE-20: Improper Input Validation