181 matches found
Rockwell Automation Logix Controllers 安全漏洞
Rockwell Automation Logix Controllers is a high-performance control platform from Rockwell Automation. Use this single platform to perform sequence, process, drive, or motion control in any combination. A security vulnerability exists in Rockwell Automation Logix Controllers that originates from...
Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers URL Redirection to Untrusted Site (CVE-2019-10955)
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers...
Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix Improper Input Validation (CVE-2017-9312)
Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately. This plugin only works with Tenable.ot. Please visit...
Rockwell Automation CompactLogix 5370 Stack-Based Buffer Overflow (CVE-2019-10954)
An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state MNRF in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20...
Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting (CVE-2016-2279)
Cross-site scripting XSS vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
Rockwell Automation ControlLogix 5580 and CompactLogix 5380 Uncontrolled Resource Consumption (CVE-2017-6024)
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause...
Rockwell Automation CompactLogix 5370 Uncontrolled Resource Consumption (CVE-2019-10952)
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370...
CVE-2021-22681
CVE-2021-22681 affects Rockwell Automation Studio 5000 Logix Designer (Versions 21+) and RSLogix 5000 (16–20). The root cause is an insecure authentication/verification mechanism used to validate that Logix controllers are communicating with Rockwell hardware (e.g., CompactLogix, ControlLogix, Gu...
PT-2021-2236
Name of the Vulnerable Software and Affected Versions Rockwell Automation Studio 5000 Logix Designer versions 21 and later, and RSLogix 5000 versions 16 through 20. Description An authentication bypass issue exists in Rockwell Automation's Studio 5000 Logix Designer and RSLogix 5000 software,...
Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: CompactLogix and ControlLogix controllers Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...
PT-2021-2365 · Rockwell Automation · Guardlogix 5370 +7
Name of the Vulnerable Software and Affected Versions: Rockwell Automation CompactLogix 5370 versions prior to 34 Rockwell Automation ControlLogix 5570 versions prior to 34 Rockwell Automation CompactLogix 5370 L1 versions prior to 34 Rockwell Automation CompactLogix 5370 L2 versions prior to 34...
Allen-Bradley CompactLogix L16ER Has Industrial Control Device Vulnerability
Allen-Bradley Automation provides customers with a full suite of components, products, control and information platforms, as well as support services and manufacturing solutions. An industrial control device vulnerability exists in Allen-Bradley CompactLogix L16ER. An attacker could exploit the...
Rockwellautomation Compactlogix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting XSS vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. File data ot500302.nasl...
Rockwellautomation Compactlogix Improper Restriction of Operations within the Bounds of a Memory Buffer
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370...
Rockwellautomation Controllogix Unspecified Vulnerability
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and...
Rockwellautomation Controllogix Exposure of Sensitive Information to an Unauthorized Actor
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and...
Rockwellautomation Controllogix Unspecified Vulnerability
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and...
Rockwellautomation Compactlogix Improper Restriction of Operations within the Bounds of a Memory Buffer
An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state MNRF in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20...
Rockwellautomation Compactlogix Uncontrolled Resource Consumption
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause...
Rockwell Automation CompactLogix <= v30.014 Uncontrolled Resource Consumption or Stack-based Buffer Overflow (ICSA-19-120-01)
Binary data 720278.prm...