Lucene search
K

838 matches found

Cvelist
Cvelist
added 2022/04/01 10:17 p.m.37 views

CVE-2021-32960 Rockwell Automation FactoryTalk Services Platform Protection Mechanism Failure

Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may all...

8.5CVSS8.8AI score0.02339EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/04/01 10:17 p.m.8 views

CVE-2021-32960 Rockwell Automation FactoryTalk Services Platform Protection Mechanism Failure

Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may all...

8.5CVSS8.7AI score0.02339EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.2 views

CVE-2021-27474

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre...

7.5CVSS5.8AI score0.01549EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.3 views

CVE-2021-27472

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements...

9.8CVSS6AI score0.0532EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.7 views

CVE-2021-27476

A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier...

9.8CVSS6AI score0.04271EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.16 views

CVE-2021-27474

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre...

10CVSS0.01549EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.22 views

CVE-2021-27476

A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier...

10CVSS0.04271EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.15 views

CVE-2021-27472

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements...

10CVSS0.0532EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.4 views

CVE-2021-27468

The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...

9.8CVSS7.5AI score0.03358EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.15 views

CVE-2021-27470

A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...

10CVSS0.03681EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.5 views

CVE-2021-27464

The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...

9.8CVSS6AI score
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.16 views

CVE-2021-27462

A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...

10CVSS0.03681EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.23 views

CVE-2021-27460

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to th...

10CVSS0.03072EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.6 views

CVE-2021-27470

A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...

9.8CVSS7.5AI score0.03681EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.20 views

CVE-2021-27466

A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...

10CVSS0.03736EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.6 views

CVE-2021-27462

A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...

9.8CVSS7.5AI score0.03681EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.4 views

CVE-2021-27460

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to th...

9.8CVSS7.2AI score0.03072EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.3 views

CVE-2021-27466

A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...

9.8CVSS6AI score0.03736EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.22 views

CVE-2021-27468

The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...

10CVSS0.03358EPSS
Exploits0References2
Prion
Prion
added 2022/03/23 8:15 p.m.20 views

Command injection

A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier...

7.5CVSS9.9AI score0.04271EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder