
CVE-2025-7971 – Studio 5000 Logix Designer® – Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7971
14 Aug 2025 — A security issue exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; however, it may be possible to execute malicious code without triggering a crash. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1734.html • CWE-20: Improper Input Validation •

CVE-2025-7033 – Rockwell Automation Heap-based Buffer Overflow In Arena® Simulation
https://notcve.org/view.php?id=CVE-2025-7033
05 Aug 2025 — A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1731.html • CWE-122: Heap-based Buffer Overflow •

CVE-2025-7032 – Rockwell Automation Stack-based Buffer Overflow In Arena® Simulation
https://notcve.org/view.php?id=CVE-2025-7032
05 Aug 2025 — A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1731.html • CWE-121: Stack-based Buffer Overflow •

CVE-2025-7025 – Rockwell Automation Heap-based Buffer Overflow In Arena® Simulation
https://notcve.org/view.php?id=CVE-2025-7025
05 Aug 2025 — A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1731.html • CWE-122: Heap-based Buffer Overflow •

CVE-2025-3618 – Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-3618
15 Apr 2025 — A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-0477 – Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0477
30 Jan 2025 — An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html • CWE-522: Insufficiently Protected Credentials •

CVE-2025-0497 – Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0497
30 Jan 2025 — A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html • CWE-522: Insufficiently Protected Credentials •

CVE-2025-0498 – Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0498
30 Jan 2025 — A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a token and impersonate another user. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1721.html • CWE-522: Insufficiently Protected Credentials •

CVE-2024-6207
https://notcve.org/view.php?id=CVE-2024-6207
14 Oct 2024 — CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1707.html • CWE-20: Improper Input Validation •

CVE-2024-6077 – Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Vulnerable to DoS vulnerability via CIP
https://notcve.org/view.php?id=CVE-2024-6077
12 Sep 2024 — A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited, the device will become unavailable and require a factory reset to recover. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1963.html • CWE-20: Improper Input Validation •