181 matches found
CVE-2019-10954
CVE-2019-10954 affects Rockwell Automation CompactLogix 5370 family (L1/L2/L3), Compact GuardLogix 5370, and Armor Compact GuardLogix 5370 controllers with versions 20–30 and earlier. The root cause is a stack-based buffer overflow triggered by crafted SMTP packets, enabling a network-accessible ...
PT-2019-12099 · Rockwell Automation · Compactlogix 5370 +2
Name of the Vulnerable Software and Affected Versions: CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers versions 20 through 30 and earlier. Description: An attacker could send a crafted HTTP/HTTPS request to render th...
ICSA-19-120-01_Rockwell Automation CompactLogix 5370
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix 5370 Vulnerabilities: Uncontrolled Resource Consumption, Stack-based Buffer Overflow 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to...
CVE-2019-10955
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers...
Open redirect
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers...
CVE-2019-10955
Affected products: Rockwell Automation MicroLogix 1400 (Series A, B up to v15.002), MicroLogix 1100 (v14.00 and earlier), CompactLogix 5370 L1/L2/L3 controllers (up to v30.014), including GuardLogix. Vulnerability type: open redirect in the controller web server that could be exploited by a remot...
Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: MicroLogix 1400 and CompactLogix 5370 Controllers Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...
CVE-2018-19016
Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB includes 1756-EWEBK Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected...
CVE-2018-19016
CVE-2018-19016 affects Rockwell Automation EtherNet/IP Web Server Modules: 1756-EWEB (incl. 1756-EWEBK) <= v5.001 and CompactLogix 1768-EWEB
Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability (Update B)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Logix5000 Vulnerability: Stack-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the previously updated advisory titled...
Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley CompactLogix and Compact GuardLogix Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...
CVE-2017-6024
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause...
Design/Logic Flaw
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause...
CVE-2017-6024
CVE-2017-6024 affects Rockwell Automation ControlLogix 5580 (V28.011, V28.012, V28.013; V29.011) and CompactLogix 5380 (V28.011; V29.011). The issue is a Resource Exhaustion/DoS vulnerability triggered by sending specific CIP-based commands to the controller, with no public exploits documented in...
Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-343-05 Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability that was published January 5, 2017, on the NCCIC/ICS-CERT web site. Rockwell Automation has identified a buff...
Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting Vulnerability (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.1 --------- Begin Update A Part 1 of 5 -------- ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available --------- End Update A Part 1 of 5 --------- Vendor: Rockwell Automation Equipment: Allen-Bradley CompactLogix Vulnerability:...