The vulnerabilities of microprogrammed software in programmable logic controllers such as CompactLogix 1768, CompactLogix 1769, CompactLogix 5370, CompactLogix 5380, CompactLogix 5480, ControlLogix 5550, ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, DriveLogix 5560, DriveLogix 5730, DriveLogix 1794-L34, Compact GuardLogix 5370, Compact GuardLogix 5380, GuardLogix 5570, GuardLogix 5580, and SoftLogix 5800 stem from insufficient protection of registration data. This allows attackers to elevate their privileges and alter the configuration of vulnerable devices.

The vulnerabilities of microprogrammed software in programmable logic controllers such as CompactLogix 1768, CompactLogix 1769, CompactLogix 5370, CompactLogix 5380, CompactLogix 5480, ControlLogix 5550, ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, DriveLogix 5560, DriveLogix 5730,...

CVE-2021-22681

CVE-2021-22681 affects Rockwell Automation Studio 5000 Logix Designer (Versions 21+) and RSLogix 5000 (16–20). The root cause is an insecure authentication/verification mechanism used to validate that Logix controllers are communicating with Rockwell hardware (e.g., CompactLogix, ControlLogix, Gu...

PT-2021-2236

Name of the Vulnerable Software and Affected Versions Rockwell Automation Studio 5000 Logix Designer versions 21 and later, and RSLogix 5000 versions 16 through 20. Description An authentication bypass issue exists in Rockwell Automation's Studio 5000 Logix Designer and RSLogix 5000 software,...

Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: CompactLogix and ControlLogix controllers Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...

PT-2021-2365 · Rockwell Automation · Guardlogix 5370 +7

Name of the Vulnerable Software and Affected Versions: Rockwell Automation CompactLogix 5370 versions prior to 34 Rockwell Automation ControlLogix 5570 versions prior to 34 Rockwell Automation CompactLogix 5370 L1 versions prior to 34 Rockwell Automation CompactLogix 5370 L2 versions prior to 34...

Industrial Control Device Vulnerability in Rockwell ControlLogix 5571

Allen-Bradley ControlLogix 5571 is a programmable automation controller of Rockwell Automation's ControlLogix 5570 series. The Rockwell ControlLogix 5571 is an industrial control device vulnerability that can be exploited by an attacker to cause the device to power down and reboot...

Rockwellautomation Controllogix Exposure of Sensitive Information to an Unauthorized Actor

The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603. File data ot500031.nasl...

Rockwellautomation Controllogix Unspecified Vulnerability

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and...

Rockwellautomation Controllogix Exposure of Sensitive Information to an Unauthorized Actor

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and...

Rockwellautomation Micrologix Missing Authentication for Critical Function

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller...

Rockwellautomation Controllogix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting XSS vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. File data ot500258.nasl...

Rockwellautomation Controllogix Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier...

Rockwell Automation/Allen-Bradley 1756 ControlLogix Controller Detection

Binary data 130.prm...

Rockwell Automation ControlLogix 5370 Web Portal Denial of Service (CVE-2019-10952)

A denial of service vulnerability exists in Rockwell Automation CompactLogix 5370 PLCs. A remote, unauthenticated attacker could send specific requests to the web server to cause denial of service conditions...

Rockwell Automation/Allen-Bradley ControlLogix Communications Adapter Detection

Binary data 750352.prm...

Rockwell Automation/Allen-Bradley 1756-L83E LOGIX5583E ControlLogix PLC

Binary data 750365.prm...

Rockwell Automation/Allen-Bradley 1756-L74 LOGIX5574 ControlLogix PLC

Binary data 750360.prm...

Rockwell Automation/Allen-Bradley 1756-L75 LOGIX5575 ControlLogix PLC

Binary data 750361.prm...

Rockwell Automation/Allen-Bradley 1756-L72 LOGIX5572 ControlLogix PLC

Binary data 750357.prm...

Rockwell Automation ControlLogix 55xx Emulator 1756-Lx/Em PLC

Binary data 753082.prm...