Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:57 a.m.10 views

CVE-2020-12033

In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service RdcyHost.exe does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges...

8.8CVSS7.3AI score0.01099EPSS
Exploits0References1
ICS
ICS
added 2025/08/14 6:0 a.m.15 views

Rockwell Automation FactoryTalk Viewpoint

RISK EVALUATION Successful exploitation of this vulnerability could result in full privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...

8.5CVSS7.4AI score0.00129EPSS
Exploits0References10
Cvelist
Cvelist
added 2024/10/25 5:4 p.m.24 views

CVE-2024-10387 Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability

CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service...

8.7CVSS0.07968EPSS
Exploits0References1
CVE
CVE
added 2024/05/16 3:25 p.m.67 views

CVE-2024-3640

CVE-2024-3640 affects Rockwell Automation FactoryTalk Remote Access. An unquoted executable path in the FTRA installer could enable remote code execution with System privileges, requiring admin rights (local attack vector per CVSS4: AV:L, PR:H, UI:A). ICSA/CISA notes the vulnerability is not expl...

7CVSS7.8AI score0.00272EPSS
Exploits0References1
CISA
CISA
added 2023/05/18 12:0 p.m.4 views

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems ICS advisories on May 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-138-01 Carlo Gavazzi Powersoft ICSA-23-138-02 Mitsubishi Electric MELSEC WS ICSA-23-138-0...

7AI score
Exploits0References5
NVD
NVD
added 2022/03/23 8:15 p.m.25 views

CVE-2021-27476

A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier...

10CVSS0.04271EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.26 views

CVE-2021-27466

A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...

10CVSS0.03736EPSS
Exploits0References2
Prion
Prion
added 2022/03/23 8:15 p.m.18 views

Deserialization of untrusted data

A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...

7.5CVSS9.7AI score0.03681EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/03/23 8:15 p.m.27 views

Deserialization of untrusted data

A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...

7.5CVSS9.7AI score0.03681EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/03/23 8:15 p.m.22 views

Authentication flaw

The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...

7.5CVSS9.7AI score0.03346EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/03/23 7:46 p.m.5 views

CVE-2021-27470 Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data

A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...

10CVSS9.8AI score0.03681EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2019/01/19 12:0 a.m.76 views

Rockwell Automation FactoryTalk Alarms and Events Detection (Windows SMB Login)

SMB login-based detection of Rockwell Automation FactoryTalk Alarms and Events. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...

7.4AI score
Exploits0References1
NVD
NVD
added 2013/04/18 2:25 a.m.27 views

CVE-2012-4714

Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform FTSP CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service service outage or RNADiagReceiver.exe daemon crash via UDP data th...

7.8CVSS7.6AI score0.03221EPSS
Exploits0References2
Prion
Prion
added 2013/04/18 2:25 a.m.20 views

Integer overflow

Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform FTSP CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service service outage or RNADiagReceiver.exe daemon crash via UDP data th...

7.8CVSS7.5AI score0.03221EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2013/04/18 2:25 a.m.18 views

Integer overflow

Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform FTSP CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service service outage or RNADiagReceiver.exe daemon crash via UDP...

7.8CVSS7.2AI score0.03221EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder