3 results (0.002 seconds)

CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0

18 Dec 2024 — A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0

18 Dec 2024 — A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0

18 Dec 2024 — A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-306: Missing Authentication for Critical Function •