Filtered by vendor Rockwellautomation
Subscriptions
Total
379 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0473 | 1 Rockwellautomation | 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge | 2026-04-23 | N/A |
| Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2009-0474 | 1 Rockwellautomation | 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge | 2026-04-23 | N/A |
| The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603. | ||||
| CVE-2009-0472 | 1 Rockwellautomation | 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3739 | 1 Rockwellautomation | 2 Ab Micrologix Controller 1100, Ab Micrologix Controller 1400 | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unknown vectors. | ||||
| CVE-2019-25276 | 1 Rockwellautomation | 2 Factorytalk Activation, Studio | 2026-04-15 | 7.8 High |
| Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\ to inject malicious code that would execute with LocalSystem permissions. | ||||
| CVE-2025-12807 | 1 Rockwellautomation | 1 Factorytalk Datamosaix Private Cloud | 2026-04-15 | N/A |
| A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints. | ||||
| CVE-2025-7693 | 1 Rockwellautomation | 1 Micro800 | 2026-04-15 | N/A |
| A security issue exists due to improper handling of malformed CIP Forward Close packets during fuzzing. The controller enters a solid red Fault LED state and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code 0xF015. To recover, clear the fault. | ||||
| CVE-2024-9412 | 1 Rockwellautomation | 1 Verve Asset Manager | 2026-04-15 | N/A |
| An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to. | ||||
| CVE-2024-10944 | 1 Rockwellautomation | 1 Factorytalk Updater | 2026-04-15 | 8.4 High |
| A Remote Code Execution vulnerability exists in the affected product. The vulnerability requires a high level of permissions and exists due to improper input validation resulting in the possibility of a malicious Updated Agent being deployed. | ||||
| CVE-2024-6079 | 1 Rockwellautomation | 1 Emulate3d | 2026-04-15 | N/A |
| A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. The application loads shared libraries, which are readable and writable by any user. If exploited, a malicious user could leverage a malicious dll and perform a remote code execution attack. | ||||
| CVE-2025-11697 | 1 Rockwellautomation | 1 Studio 5000 Simulation Interface | 2026-04-15 | N/A |
| A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot. | ||||
| CVE-2025-9124 | 1 Rockwellautomation | 1 Compact Guardlogix 5370 | 2026-04-15 | N/A |
| A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected explicit message is sent. This can result in a major non-recoverable fault. | ||||
| CVE-2025-9036 | 1 Rockwellautomation | 1 Factorytalk Action Manager | 2026-04-15 | N/A |
| A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection. | ||||
| CVE-2025-7971 | 1 Rockwellautomation | 1 Studio 5000 Logix Designer | 2026-04-15 | N/A |
| A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; However, it may be possible to execute malicious code without triggering a crash. | ||||
| CVE-2025-9437 | 1 Rockwellautomation | 1 Armorstart Aop | 2026-04-15 | N/A |
| A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model (COM) methods. | ||||
| CVE-2025-9066 | 1 Rockwellautomation | 1 Factorytalk View | 2026-04-15 | N/A |
| A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service. | ||||
| CVE-2025-9368 | 1 Rockwellautomation | 1 432es-ig3 Series A | 2026-04-15 | N/A |
| A security issue exists within 432ES-IG3 Series A, which affects GuardLink® EtherNet/IP Interface, resulting in denial-of-service. A manual power cycle is required to recover the device. | ||||
| CVE-2025-9178 | 1 Rockwellautomation | 1 1715-aentr Eternet/ip Adapter | 2026-04-15 | N/A |
| A denial-of-service security issue exists in the affected product and version. The security issue is caused through CIP communication using crafted payloads. The security issue could result in no CIP communication with 1715 EtherNet/IP Adapter.A restart is required to recover. | ||||
| CVE-2025-7350 | 1 Rockwellautomation | 1 Stratix | 2026-04-15 | N/A |
| A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication. | ||||
| CVE-2025-13824 | 1 Rockwellautomation | 3 Micro820, Micro850, Micro870 | 2026-04-15 | N/A |
| A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code 0xF019. To recover, clear the fault. | ||||