Filtered by vendor Rockwellautomation
Subscriptions
Total
379 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0474 | 1 Rockwellautomation | 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge | 2026-04-23 | N/A |
| The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603. | ||||
| CVE-2009-0473 | 1 Rockwellautomation | 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge | 2026-04-23 | N/A |
| Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2009-3739 | 1 Rockwellautomation | 2 Ab Micrologix Controller 1100, Ab Micrologix Controller 1400 | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unknown vectors. | ||||
| CVE-2009-0472 | 1 Rockwellautomation | 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2024-10943 | 1 Rockwellautomation | 1 Factorytalk Updater | 2026-04-15 | 9.1 Critical |
| An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication. | ||||
| CVE-2025-11085 | 1 Rockwellautomation | 1 Factorytalk | 2026-04-15 | N/A |
| A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft, or redirection to a malicious website. | ||||
| CVE-2025-9042 | 1 Rockwellautomation | 1 Flex 5000 Io | 2026-04-15 | N/A |
| A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle. | ||||
| CVE-2025-12807 | 1 Rockwellautomation | 1 Factorytalk Datamosaix Private Cloud | 2026-04-15 | N/A |
| A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints. | ||||
| CVE-2025-14377 | 1 Rockwellautomation | 1 Verve Asset Manager | 2026-04-15 | N/A |
| A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in 2024. | ||||
| CVE-2025-11743 | 1 Rockwellautomation | 1 Compactlogix 5370 | 2026-04-15 | N/A |
| A denial-of-service security issue in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault a restart is required to recover. | ||||
| CVE-2024-10944 | 1 Rockwellautomation | 1 Factorytalk Updater | 2026-04-15 | 8.4 High |
| A Remote Code Execution vulnerability exists in the affected product. The vulnerability requires a high level of permissions and exists due to improper input validation resulting in the possibility of a malicious Updated Agent being deployed. | ||||
| CVE-2025-14027 | 1 Rockwellautomation | 1 Controllogix | 2026-04-15 | N/A |
| Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive and, in some cases, result in a major nonrecoverable fault. Recovery may require a restart. | ||||
| CVE-2025-9124 | 1 Rockwellautomation | 1 Compact Guardlogix 5370 | 2026-04-15 | N/A |
| A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected explicit message is sent. This can result in a major non-recoverable fault. | ||||
| CVE-2025-7773 | 1 Rockwellautomation | 1 Armorblock 5000 Io | 2026-04-15 | N/A |
| A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in session interval, making it predictable. | ||||
| CVE-2025-7350 | 1 Rockwellautomation | 1 Stratix | 2026-04-15 | N/A |
| A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication. | ||||
| CVE-2025-11862 | 1 Rockwellautomation | 1 Verve Asset Manager | 2026-04-15 | N/A |
| A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API. | ||||
| CVE-2024-10945 | 1 Rockwellautomation | 1 Factorytalk Updater | 2026-04-15 | 7.3 High |
| A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low privileged threat actor to replace certain files during update and exists due to a failure to perform proper security checks before installation. | ||||
| CVE-2025-9178 | 1 Rockwellautomation | 1 1715-aentr Eternet/ip Adapter | 2026-04-15 | N/A |
| A denial-of-service security issue exists in the affected product and version. The security issue is caused through CIP communication using crafted payloads. The security issue could result in no CIP communication with 1715 EtherNet/IP Adapter.A restart is required to recover. | ||||
| CVE-2024-9412 | 1 Rockwellautomation | 1 Verve Asset Manager | 2026-04-15 | N/A |
| An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to. | ||||
| CVE-2025-11696 | 1 Rockwellautomation | 1 Studio 5000 Simulation Interface | 2026-04-15 | N/A |
| A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes. | ||||