Command injection
A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier...
Deserialization of untrusted data
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...
Deserialization of untrusted data
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...
Code injection
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to th...
Design/Logic Flaw
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements...
Authentication flaw
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...
Authentication flaw
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...
CVE-2021-27476 Rockwell Automation FactoryTalk AssetCentre OS Command Injection
A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier...
CVE-2021-27476
The CVE-2021-27476 issue affects Rockwell Automation FactoryTalk AssetCentre (v10.00 and earlier) with a flaw in the SaveConfigFile function of the RACompare Service that may allow an unauthenticated remote attacker to inject and execute OS commands. Impact is described as arbitrary command execu...
CVE-2021-27470 Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...
CVE-2021-27470
Rockwell Automation FactoryTalk AssetCentre before version 11 is affected by a deserialization vulnerability in the LogService.rem component that allows remote, unauthenticated command execution. Affected product: FactoryTalk AssetCentre v10.00 and earlier. Root cause: improper deserialization/ve...
CVE-2021-27466
Summary (validated by provided sources): Rockwell Automation FactoryTalk AssetCentre (v10.00 and earlier) is affected by a deserialization vulnerability in the ArchiveService.rem component that can allow a remote, unauthenticated attacker to execute arbitrary commands on FactoryTalk AssetCentre. ...
CVE-2021-27466 Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...
CVE-2021-27474 Rockwell Automation FactoryTalk AssetCentre Use of Potentially Dangerous Function
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre...
CVE-2021-27474
CVE-2021-27474 affects Rockwell Automation FactoryTalk AssetCentre (v10.00 and earlier). The root issue is failure to properly restrict all functions relating to IIS remoting services, potentially allowing a remote, unauthenticated attacker to modify sensitive data in AssetCentre. Affected compon...
CVE-2021-27468 Rockwell Automation FactoryTalk AssetCentre SQL Injection
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...