838 matches found
CVE-2025-13036
An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token...
CVE-2025-13036 Rockwell Automation FactoryTalk Historian Site Edition - Authentication Bypass
An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token...
CVE-2025-13036
CVE-2025-13036 affects Rockwell Automation’s FactoryTalk Historian Site Edition . Description and connected sources confirm an authentication bypass vulnerability: by repeatedly hitting the login endpoint, an attacker could obtain a valid authentication token. The CVSS metrics indicate a network-...
PT-2026-49705
Name of the Vulnerable Software and Affected Versions FactoryTalk Historian Site Edition affected versions not specified Description An authentication bypass issue exists where an attacker can obtain a valid authentication token by continually sending requests to the login endpoint. Recommendatio...
Rockwell Automation Studio 5000 Logix Designer Code Issue Vulnerability
Rockwell Automation Studio 5000 Logix Designer is a Windows-based application from Rockwell Automation, Inc. It is used to build programs for PLCs. A code issue vulnerability exists in Rockwell Automation Studio 5000 Logix Designer, which stems from an unquoted service path in FactoryTalk...
CVE-2019-25276
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Rockwell Software\FactoryTalk...
Rockwell Automation Studio 5000 Logix Designer 代码问题漏洞
Rockwell Automation Studio 5000 Logix Designer is a Windows-based application from Rockwell Automation, Inc. It is used to build programs for PLCs. A code issue vulnerability exists in Rockwell Automation Studio 5000 Logix Designer, which stems from an unquoted service path in FactoryTalk...
CVE-2019-25276 Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Rockwell Software\FactoryTalk...
CVE-2019-25276
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Rockwell Software\FactoryTalk...
CVE-2019-25276
CVE-2019-25276 affects Studio 5000 Logix Designer 30.01.00 and is due to an unquoted service path in the FactoryTalk Activation Service . The vulnerability enables local attackers to execute code with elevated privileges by exploiting the unquoted path at the directory “C:\Program Files (x86)\Roc...
CVE-2019-25276 Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Rockwell Software\FactoryTalk...
PT-2026-5809
Name of the Vulnerable Software and Affected Versions Studio 5000 Logix Designer version 30.01.00 Description Studio 5000 Logix Designer 30.01.00 has an unquoted service path issue within the FactoryTalk Activation Service. This allows local users to potentially run code with higher privileges. T...
Rockwell Automation FactoryTalk DataMosaix Private Cloud
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform unauthorized sensitive database operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
CVE-2020-12033
In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service RdcyHost.exe does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges...
CVE-2020-12034
Products that use EDS Subsystem: Version 28.0.1 and prior FactoryTalk Linx software Previously called RSLinx Enterprise: Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and...
CVE-2020-12003
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...
CVE-2020-12038
Products that use EDS Subsystem: Version 28.0.1 and prior FactoryTalk Linx software Previously called RSLinx Enterprise: Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and...
CVE-2020-12005
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...
CVE-2021-27472
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements...
CVE-2021-27474
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre...