Rockwell Automation 1756 Incorrect Authorization (CVE-2010-2965)

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via...

Rockwell Automation ControlLogix controllers Exposure of Sensitive Information to an Unauthorized Actor (CVE-2012-6441)

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules allow remote attackers to obtain sensitive information via a crafted CIP packet. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Rockwellautomation Controllogix Unspecified Vulnerability

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and...

Rockwell Automation/Allen-Bradley 1756-ENBT Ethernet/IP Communication Interface

Binary data 751065.prm...

Rockwell Automation 1756-ENBT/A Open Redirect

Binary data 720207.prm...

Rockwell Automation 1756-ENBT/A Multiple Cross-Site Scripting

Binary data 720206.prm...

Rockwell Automation 1756-ENBT/A 3.2.6 and 3.6.1 Unauthorized Memory Access

Binary data 720210.prm...

Rockwell Automation 1756-ENBT/A Web Server Internal Information Exposure

Binary data 720208.prm...

Rockwell Automation ControlLogix 远程拒绝服务漏洞

漏洞起因 边界条件错误影响系统Rockwell Automation Micrologix 1400 Rockwell Automation Micrologix 1100远程攻击者可以利用漏洞使设备崩溃。攻击所需条件 攻击者必须访问Rockwell Automation MicroLogix产品。漏洞信息Rockwell Automation MicroLogix是一款可编程控制器平台。 设备没有校验要拷贝到缓冲区的数据，允许远程攻击者可以向2222/TCP, 2222/UDP,...

CVE-2012-6435

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause loss of availabili...

CVE-2012-6441

CVE-2012-6441 is an information-exposure vulnerability affecting Rockwell Automation EtherNet/IP products, including 1756-ENBT/1768-ENBT/1768-EWEB modules, CompactLogix/L18-L19 controllers, GuardLogix, SoftLogix, MicroLogix 1100/1400, and associated NICs and adapters. The issue arises when the de...

CVE-2012-6435

CVE-2012-6435 affects Rockwell Automation EtherNet/IP products (e.g., 1756-ENBT/ENBT, 1768-ENBT/EWEB, CompactLogix L32E/L35E, 1788-ENBT, 1794-AENTR, MicroLogix 1100/1400, and various ControlLogix/GuardLogix/SoftLogix platforms). The issue allows a CIP message from an unauthorized source to ports ...

CVE-2012-6439 Rockwell Automation ControlLogix PLC Improper Access Control

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation could cause loss of...

CVE-2012-6441 Rockwell Automation ControlLogix PLC Information Exposure

An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. Rockwell Automation EtherNet/I...

ROCKWELL Automation ControlLogix Crash 1756-ENBT Module (CrashEth)

...

CVE-2010-2965

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via...

Design/Logic Flaw

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via...

CVE-2010-2965

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Design/Logic Flaw

The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603...