High
CVSS: 8.6
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing th…
High
CVSS: 7.1
A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash.
High
CVSS: 7.1
A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system cras…
High
CVSS: 8.7
A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full comm…
High
CVSS: 8.4
A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx driv…
High
CVSS: 8.4
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. I…
High
CVSS: 8.4
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. I…
High
CVSS: 8.4
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. I…
High
CVSS: 7.1
A remote
code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE
file can force Arena Simulation to write beyond the boundaries of an allocated
object. Exploitation
requires user interaction, such as opening a…
High
CVSS: 7.1
A remote
code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE
file can force Arena Simulation to write beyond the boundaries of an allocated
object. Exploitation
requires user interaction, such as opening a…
High
CVSS: 8.5
A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-o…
High
CVSS: 8.5
A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the par…
High
CVSS: 8.5
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information…
High
CVSS: 8.5
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited…
High
CVSS: 8.5
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information…
High
CVSS: 8.5
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited…
High
CVSS: 8.5
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited…
High
CVSS: 8.5
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploite…
High
CVSS: 8.5
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploite…
High
CVSS: 8.5
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploite…