Search Results (386 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-9178 1 Rockwellautomation 1 1715-aentr Eternet/ip Adapter 2026-04-15 N/A
A denial-of-service security issue exists in the affected product and version. The security issue is caused through CIP communication using crafted payloads. The security issue could result in no CIP communication with 1715 EtherNet/IP Adapter.A restart is required to recover.
CVE-2025-11697 1 Rockwellautomation 1 Studio 5000 Simulation Interface 2026-04-15 N/A
A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot.
CVE-2025-9124 1 Rockwellautomation 1 Compact Guardlogix 5370 2026-04-15 N/A
A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected explicit message is sent. This can result in a major non-recoverable fault.
CVE-2024-7567 1 Rockwellautomation 2 Micro850 Firmware, Micro870 Firmware 2026-04-15 N/A
A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration.
CVE-2025-7350 1 Rockwellautomation 1 Stratix 2026-04-15 N/A
A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication.
CVE-2024-6078 1 Rockwellautomation 1 Datamosaix 2026-04-15 N/A
CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or password. If exploited, a malicious user could take over the account of a legitimate user. The malicious user would be able to view and modify data stored in the cloud.
CVE-2025-14027 1 Rockwellautomation 1 Controllogix 2026-04-15 N/A
Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive and, in some cases, result in a major nonrecoverable fault. Recovery may require a restart.
CVE-2024-10943 1 Rockwellautomation 1 Factorytalk Updater 2026-04-15 9.1 Critical
An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.
CVE-2025-7774 1 Rockwellautomation 1 Armorblock 5000 Io 2026-04-15 N/A
A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions.
CVE-2021-22681 1 Rockwellautomation 20 Compact Guardlogix 5370, Compact Guardlogix 5380, Compactlogix 1768 and 17 more 2026-03-06 9.8 Critical
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.
CVE-2025-7025 1 Rockwellautomation 1 Arena 2026-02-26 7.8 High
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
CVE-2025-7032 1 Rockwellautomation 1 Arena 2026-02-26 7.8 High
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
CVE-2025-7033 1 Rockwellautomation 2 Arena, Arena Simulation 2026-02-26 7.8 High
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
CVE-2023-5909 4 Ge, Ptc, Rockwellautomation and 1 more 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more 2026-02-25 7.5 High
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
CVE-2019-10954 1 Rockwellautomation 10 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compact Guardlogix 5370 and 7 more 2026-02-20 7.5 High
An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
CVE-2019-10952 1 Rockwellautomation 8 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compactlogix 5370 L1 and 5 more 2026-02-20 9.8 Critical
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
CVE-2025-9278 1 Rockwellautomation 2 Armorstart Lt, Armorstart Lt Firmware 2026-02-02 7.5 High
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. After running a Burp Suite active scan, the device loses ICMP connectivity, causing the web application to become inaccessible.
CVE-2025-9279 1 Rockwellautomation 2 Armorstart Lt, Armorstart Lt Firmware 2026-02-02 7.5 High
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limit Storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
CVE-2025-9281 1 Rockwellautomation 2 Armorstart Lt, Armorstart Lt Firmware 2026-02-02 7.5 High
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive step limit storm tests, the device reboots
CVE-2025-9280 1 Rockwellautomation 2 Armorstart Lt, Armorstart Lt Firmware 2026-02-02 7.5 High
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. Fuzzing performed using Defensics causes the device to become unresponsive, requiring a reboot.