196 matches found
CVE-2021-22681
CVE-2021-22681 affects Rockwell Automation Studio 5000 Logix Designer (versions 21+) and RSLogix 5000 (16–20). The issue is “Insufficiently Protected Credentials” (CWE-522): an unauthenticated attacker could bypass the verification key used to confirm Logix controller communication and authentica...
PT-2021-2236
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Studio 5000 Logix Designer versions 21 and later, and RSLogix 5000 versions 16 through 20. Description: An authentication bypass issue exists in Rockwell Automation's Studio 5000 Logix Designer and RSLogix 5000 software,...
PT-2021-2365 · Rockwell Automation · Guardlogix 5370 +7
Name of the Vulnerable Software and Affected Versions: Rockwell Automation CompactLogix 5370 versions prior to 34; Rockwell Automation ControlLogix 5570 versions prior to 34; Rockwell Automation CompactLogix 5370 L1 versions prior to 34; Rockwell Automation CompactLogix 5370 L2 versions prior to 34...
Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: CompactLogix and ControlLogix controllers Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...
Allen-Bradley CompactLogix L16ER Has Industrial Control Device Vulnerability
Allen-Bradley Automation provides customers with a full suite of components, products, control and information platforms, as well as support services and manufacturing solutions. An industrial control device vulnerability exists in Allen-Bradley CompactLogix L16ER. An attacker could exploit the...
A vulnerability in the firmware of MicroLogix 1400 A, MicroLogix 1400 B, MicroLogix 1100, CompactLogix 5370 L1, CompactLogix 5370 L2, and CompactLogix 5370 L3 allows an attacker to redirect the target user to a malicious website using a specially crafted link.
The vulnerability in the firmware of logic controllers from MicroLogix, such as MicroLogix 1400 A, MicroLogix 1400 B, MicroLogix 1100, CompactLogix 5370 L1, CompactLogix 5370 L2, and CompactLogix 5370 L3, is related to URL redirection to untrusted websites. Exploiting this vulnerability...
Rockwell Automation CompactLogix Uncontrolled Resource Consumption
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause...
Rockwell Automation ControlLogix Unspecified Vulnerability
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and...
Rockwell Automation ControlLogix Exposure of Sensitive Information to an Unauthorized Actor
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and...
Rockwell Automation CompactLogix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Rockwell Automation CompactLogix Improper Restriction of Operations within the Bounds of a Memory Buffer
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370...
Rockwell Automation CompactLogix Improper Restriction of Operations within the Bounds of a Memory Buffer
An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20...
Rockwell Automation ControlLogix Unspecified Vulnerability
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and...
Rockwell Automation CompactLogix <= v30.014 Uncontrolled Resource Consumption or Stack-based Buffer Overflow (ICSA-19-120-01)
Rockwell Automation/Allen-Bradley 1769-L18ERM LOGIX5318ERM CompactLogix 5370 L1 Processor
Rockwell Automation CompactLogix 5370 Buffer Overflow Denial of Service (CVE-2019-10954)
A denial of service vulnerability exists in Rockwell Automation CompactLogix 5370 PLCs. A remote, unauthenticated attacker could send crafted SMTP configuration packets to cause denial of service conditions...
Rockwell Automation MicroLogix 1100/1400 and CompactLogix 5370 Controllers Open Redirection Vulnerability
The Rockwell Automation MicroLogix 1100/1400 or CompactLogix 5370 controller web server is affected by an open redirect vulnerability. An unauthenticated remote attacker can exploit this issue in conjunction with a social engineering attack to redirect the user to a malicious site that could run ...
Rockwell Automation/Allen-Bradley CompactLogix 1768 Detection
Rockwell Automation/Allen-Bradley CompactLogix 1769-Lx PLC Detection
Denial of Service Vulnerability in Rockwell Allen-Bradley 1769-L32E CompactLogix EtherNet Processor
The Rockwell Allen-Bradley 1769-L32E CompactLogix EtherNet Processor is a 1766-L32 Series Programmable Logic Controller (PLC) that provides an integrated ControlNet communication port that provides an integrated Ethernet interface. A denial of service vulnerability exists in the Rockwell...