Rockwell Automation Security Vulnerabilities (CVEs)
Track 99 security vulnerabilities affecting Rockwell Automation products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
A denial-of-service vulnerability in ArmorStart LT industrial motor controllers causes unexpected device reboots when subjected to specific EtherNet/I...
Jan 20, 2026
A denial-of-service vulnerability in ArmorStart LT industrial motor controllers causes unexpected device reboots when processing specific network traf...
Jan 20, 2026
A denial-of-service vulnerability in ArmorStart LT industrial motor controllers allows attackers to crash the CIP port by sending specially crafted pa...
Jan 20, 2026
Rockwell Automation Arena® has a stack-based buffer overflow vulnerability in DOE file parsing. Local attackers can exploit this by opening malicious...
Nov 14, 2025
This vulnerability allows authenticated Windows users to hijack a repair process in Rockwell Automation's FTLinx software, gaining SYSTEM-level comman...
Oct 14, 2025
A stored cross-site scripting vulnerability in Rockwell Automation products allows authenticated attackers to inject malicious scripts into configurat...
Oct 14, 2025
This CVE describes a cross-site request forgery vulnerability in Rockwell Automation products where missing CSRF checks allow attackers to modify conf...
Oct 14, 2025
An authentication bypass vulnerability in FactoryTalk View Machine Edition's Web Browser ActiveX control allows attackers to gain unauthorized access ...
Oct 14, 2025
An unauthenticated path traversal vulnerability in FactoryTalk View Machine Edition allows attackers on the same network to delete arbitrary files on ...
Oct 14, 2025
This vulnerability allows authenticated Windows users to hijack the repair process of FTLinx's Microsoft Installer File (MSI), gaining a SYSTEM-level ...
Oct 14, 2025
An over-permissive Redis instance in affected Rockwell Automation products allows intranet attackers to access and potentially modify sensitive data. ...
Sep 9, 2025
A vulnerability in EN4TR devices allows attackers to cause denial of service by sending specially crafted messages during Forward Close operations. Th...
Sep 9, 2025
This CVE describes a server-side request forgery (SSRF) vulnerability in Rockwell Automation ThinManager software where authenticated attackers can fo...
Sep 9, 2025
This vulnerability in FactoryTalk Optix MQTT broker allows remote attackers to load malicious Mosquitto plugins due to insufficient URI sanitization, l...
Sep 9, 2025
A cryptographic implementation flaw in FactoryTalk Activation Manager allows attackers to decrypt network traffic. This vulnerability affects all syst...
Sep 9, 2025
This vulnerability allows attackers to bypass FTSP token validation in FactoryTalk Linx Network Browser by setting the NODE_ENV environment variable t...
Aug 14, 2025
A heap-based buffer overflow vulnerability in Rockwell Automation Arena Simulation allows attackers to execute arbitrary code or disclose information ...
Aug 5, 2025
A heap-based buffer overflow vulnerability in Rockwell Automation Arena Simulation allows attackers to execute arbitrary code or disclose information ...
Aug 5, 2025
A buffer overflow vulnerability in Rockwell Automation Arena allows remote code execution when a user opens a malicious DOE file. This affects Arena S...
Jul 9, 2025
A privilege escalation vulnerability in Rockwell Automation ThinManager allows attackers to inherit elevated permissions when temporary files are dele...
Apr 15, 2025
A data exposure vulnerability in Rockwell Automation FactoryTalk AssetCentre allows threat actors to steal user authentication tokens due to insecure ...
Jan 30, 2025
A critical encryption vulnerability in Rockwell Automation FactoryTalk AssetCentre allows attackers to extract other users' passwords due to weak encr...
Jan 30, 2025
A memory corruption vulnerability in Rockwell Automation Arena allows attackers to write beyond allocated memory boundaries in DOE files. This could l...
Dec 19, 2024
A use-after-free vulnerability in Rockwell Automation Arena allows arbitrary code execution when a user opens a malicious DOE file. This affects legit...
Dec 19, 2024
An uninitialized variable vulnerability in Rockwell Automation Arena allows attackers to craft malicious DOE files that, when opened by a legitimate u...
Dec 5, 2024
This CVE describes an out-of-bounds read vulnerability in Rockwell Automation Arena software that could allow arbitrary code execution. Attackers can ...
Dec 5, 2024
A use-after-free vulnerability in Rockwell Automation Arena allows arbitrary code execution when a user opens a malicious DOE file. This affects legit...
Dec 5, 2024
This CVE describes a remote code execution vulnerability in Rockwell Automation products where users can save projects to a public directory, allowing...
Nov 12, 2024
CVE-2024-10386 is a critical authentication vulnerability in Rockwell Automation products that allows unauthenticated attackers with network access to...
Oct 25, 2024
This vulnerability allows attackers to embed malicious VBA scripts in Rockwell Automation project files (RSP/RSS). When a legitimate user opens an inf...
Oct 14, 2024
A denial-of-service vulnerability in Rockwell Automation PowerFlex 600T drives allows attackers to make the device unavailable by overloading it with ...
Oct 8, 2024
An input validation vulnerability in Rockwell Automation Sequence Manager allows attackers to send malformed packets causing denial-of-service. The de...
Sep 27, 2024
This CVE describes an incorrect privilege matrix vulnerability in Rockwell Automation products that allows authenticated users to access functions and...
Sep 12, 2024
A denial-of-service vulnerability in Rockwell Automation products allows attackers to send specially crafted packets to the CIP Security Object, causi...
Sep 12, 2024
CVE-2024-45826 is a path traversal and remote code execution vulnerability in ThinManager® that allows attackers to install executable files via craf...
Sep 12, 2024
CVE-2024-45823 is an authentication bypass vulnerability in Rockwell Automation products where shared secrets across accounts allow threat actors to i...
Sep 12, 2024
CVE-2024-45824 is a critical remote code execution vulnerability affecting Rockwell Automation products. Attackers can chain path traversal, command i...
Sep 12, 2024
This vulnerability in Rockwell Automation ThinManager ThinServer allows attackers to read arbitrary files by exploiting directory junction points. It ...
Aug 23, 2024
CVE-2024-7513 is a critical code execution vulnerability in Rockwell Automation products caused by improper default file permissions. Any user can edi...
Aug 14, 2024
This vulnerability allows unencrypted transmission of sensitive data between Console and Dashboard components in Rockwell Automation products. Attacke...
Aug 14, 2024
CVE-2024-7507 is a denial-of-service vulnerability in Rockwell Automation controllers where receiving a malformed PCCC message causes the controller t...
Aug 14, 2024
This CVE appears to reference a vulnerability in Rockwell Automation FactoryTalk Policy Manager where improper privilege management (CWE-269) could al...
Jul 16, 2024
CVE-2024-5990 is an improper input validation vulnerability in Rockwell Automation ThinServer™ that allows unauthenticated attackers to send malicio...
Jun 25, 2024
CVE-2024-5988 is a critical remote code execution vulnerability in Rockwell Automation ThinManager ThinServer. Unauthenticated attackers can send mali...
Jun 25, 2024
This privilege escalation vulnerability allows low-privilege users to edit scripts and bypass Access Control Lists in Rockwell Automation products. Th...
Jun 14, 2024
An authentication bypass vulnerability in Rockwell Automation FactoryTalk View SE v12 allows remote users to access HMI projects without proper authen...
Jun 14, 2024
This SQL injection vulnerability in Rockwell Automation FactoryTalk View SE Datalog function allows attackers to execute malicious SQL statements if d...
May 16, 2024
A malformed fragmented packet can cause a major nonrecoverable fault in Rockwell Automation industrial controllers, rendering them unavailable and req...
Apr 15, 2024
A memory corruption vulnerability in Rockwell Automation Arena Simulation allows arbitrary code execution when a user opens a malicious file. Attacker...
Mar 26, 2024
A memory corruption vulnerability in Rockwell Automation Arena Simulation software allows attackers to execute arbitrary code by tricking users into o...
Mar 26, 2024
Why Monitor Rockwell Automation Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 99+ known vulnerabilities affecting Rockwell Automation products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Rockwell Automation packages in under 60 seconds. No agents required: completely agentless scanning that works across Rockwell Automation deployments.
Free vulnerability database: Access detailed information about every Rockwell Automation CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register a free account and add your servers
- Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Rockwell Automation CVEs affect your systems
- Access the dashboard with severity breakdown and fix instructions