Rockwell Automation Security Vulnerabilities (CVEs)
Track 99 security vulnerabilities affecting Rockwell Automation products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
A denial-of-service vulnerability in Rockwell Automation PowerFlex 527 drives allows attackers to crash the web server through improper input validati...
Mar 25, 2024
A denial-of-service vulnerability in Rockwell Automation PowerFlex 527 drives allows attackers to crash the device by sending multiple data packets re...
Mar 25, 2024
A privilege escalation vulnerability in Rockwell Automation FactoryTalk Service Platform allows authenticated users with basic privileges to gain admi...
Feb 16, 2024
A denial-of-service vulnerability in Rockwell Automation ControlLogix and GuardLogix controllers allows attackers to cause a major nonrecoverable faul...
Jan 31, 2024
This vulnerability in Rockwell Automation FactoryTalk Service Platform allows attackers to steal service tokens and use them to authenticate to other ...
Jan 31, 2024
CVE-2023-5908 is a buffer overflow vulnerability in KEPServerEX that could allow attackers to crash the software or leak sensitive information. This a...
Nov 30, 2023
A memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software allows arbitrary code execution when a user opens a malicious ...
Oct 27, 2023
This vulnerability in Rockwell Automation FactoryTalk View Site Edition allows threat actors to send malicious input that crashes the software, causin...
Oct 27, 2023
CVE-2023-20198 is a critical vulnerability in Cisco IOS XE Software web UI that allows unauthenticated attackers to gain initial access and create loc...
Oct 16, 2023
A buffer overflow vulnerability in Rockwell Automation 1756-EN* communication devices allows remote code execution via malicious CIP requests. This af...
Sep 20, 2023
An integer overflow vulnerability in Rockwell Automation ThinManager ThinServer allows attackers to cause denial of service by sending crafted synchro...
Aug 17, 2023
CVE-2023-2917 is a critical path traversal vulnerability in Rockwell Automation ThinManager Thinserver that allows unauthenticated remote attackers to...
Aug 17, 2023
A path traversal vulnerability in Rockwell Automation ThinManager ThinServer allows remote attackers to read arbitrary files on the server's file syst...
Jul 18, 2023
Rockwell Automation PowerMonitor 1000 has stored cross-site scripting vulnerabilities in publicly accessible web pages. Attackers can inject malicious...
Jul 11, 2023
Rockwell Automation Enhanced HIM software has insufficient API protection with incorrect CORS settings, making it vulnerable to CSRF attacks. An attac...
Jul 11, 2023
A denial-of-service vulnerability in Rockwell Automation FactoryTalk Transaction Manager allows attackers to crash the application or cause high resou...
Jun 13, 2023
This vulnerability in Rockwell Automation's FactoryTalk System Services allows local authenticated non-admin users to generate administrator cookies u...
Jun 13, 2023
Rockwell Automation Kinetix 5500 drives manufactured between May 2022 and January 2023 with firmware v7.13 have telnet and FTP ports open by default, ...
May 11, 2023
This CSRF vulnerability in Rockwell Automation's FactoryTalk Vantagepoint allows attackers to trick authenticated users into performing unauthorized a...
May 11, 2023
A cross-site scripting (XSS) vulnerability in Rockwell Automation's ArmorStart ST product allows attackers to inject malicious scripts into web pages....
May 11, 2023
A cross-site scripting (XSS) vulnerability in Rockwell Automation's ArmorStart ST product allows attackers to inject malicious scripts into web pages....
May 11, 2023
A memory buffer overflow vulnerability in Rockwell Automation's Arena Simulation software allows arbitrary code execution. This could let attackers ru...
May 9, 2023
This is a heap buffer overflow vulnerability in Rockwell Automation's Arena Simulation software that allows arbitrary code execution. An attacker coul...
May 9, 2023
CVE-2022-2825 is a critical buffer overflow vulnerability in Kepware KEPServerEX that allows unauthenticated remote attackers to execute arbitrary cod...
Mar 29, 2023
This vulnerability in Rockwell Automation's ThinManager ThinServer allows unauthenticated remote attackers to trigger a heap-based buffer over-read by...
Mar 22, 2023
CVE-2023-27855 is a critical path traversal vulnerability in Rockwell Automation's ThinManager ThinServer that allows unauthenticated remote attackers...
Mar 22, 2023
This vulnerability is an integer overflow/wraparound in affected industrial control systems that could allow remote attackers to crash servers or exec...
Feb 23, 2023
This vulnerability allows arbitrary code execution through insecure deserialization in Rockwell Automation engineering software. Attackers can craft m...
May 17, 2022
This vulnerability allows attackers with program modification access to alter user program code on Rockwell Automation ControlLogix, CompactLogix, and...
Apr 11, 2022
CVE-2021-32960 is an authentication bypass vulnerability in Rockwell Automation FactoryTalk Services Platform that allows authenticated remote attacke...
Apr 1, 2022
This vulnerability allows attackers to craft malicious files that exploit path traversal when opened in Rockwell Automation Connected Components Workb...
Mar 23, 2022
This vulnerability allows unauthenticated remote attackers to execute arbitrary SQL statements against Rockwell Automation FactoryTalk AssetCentre dat...
Mar 23, 2022
This vulnerability in Rockwell Automation FactoryTalk AssetCentre allows remote, unauthenticated attackers to modify sensitive data by exploiting insu...
Mar 23, 2022
This vulnerability allows remote, unauthenticated attackers to execute arbitrary operating system commands on Rockwell Automation FactoryTalk AssetCen...
Mar 23, 2022
CVE-2021-27460 is a critical deserialization vulnerability in Rockwell Automation FactoryTalk AssetCentre that allows remote unauthenticated attackers...
Mar 23, 2022
This critical vulnerability in Rockwell Automation FactoryTalk AssetCentre allows remote, unauthenticated attackers to execute arbitrary SQL statement...
Mar 23, 2022
This critical vulnerability in Rockwell Automation FactoryTalk AssetCentre allows remote, unauthenticated attackers to execute arbitrary SQL statement...
Mar 23, 2022
CVE-2020-25176 is a directory traversal vulnerability in Rockwell Automation ISaGRAF Runtime that allows remote, unauthenticated attackers to access a...
Mar 18, 2022
Rockwell Automation ISaGRAF Runtime versions 4.x and 5.x store passwords in plaintext files in the same directory as the executable. This allows local...
Mar 18, 2022
CVE-2020-14481 is a vulnerability in Rockwell Automation's FactoryTalk View SE DeskLock tool that uses weak encryption for stored credentials. This al...
Feb 24, 2022
CVE-2021-33012 allows remote, unauthenticated attackers to send specially crafted commands that cause Rockwell Automation MicroLogix 1100 PLCs to faul...
Jul 9, 2021
This vulnerability allows an authenticated attacker to intercept password change requests and replace the legitimate password hash with their own, loc...
Jun 3, 2021
CVE-2020-14516 is a critical authentication bypass vulnerability in Rockwell Automation FactoryTalk Services Platform where SHA-256 password hashing f...
Mar 18, 2021
This vulnerability allows unauthenticated attackers to bypass authentication mechanisms in Rockwell Automation industrial control systems. It affects ...
Mar 3, 2021
A heap-based buffer overflow vulnerability in multiple industrial OPC UA server products allows attackers to crash servers and potentially leak data b...
Jan 14, 2021
A heap-based buffer overflow vulnerability in multiple industrial OPC UA server products allows attackers to crash servers and potentially leak data b...
Jan 14, 2021
A heap overflow vulnerability in FactoryTalk Linx versions 6.11 and earlier allows remote, unauthenticated attackers to send malicious port ranges tha...
Nov 26, 2020
A stack-based buffer overflow vulnerability in Rockwell Automation CompactLogix and Compact GuardLogix controllers allows attackers to send crafted HT...
May 1, 2019
This vulnerability allows an attacker to send specially crafted SMTP packets to Rockwell Automation CompactLogix and Compact GuardLogix controllers, c...
May 1, 2019

Why Monitor Rockwell Automation Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 99+ known vulnerabilities affecting Rockwell Automation products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Rockwell Automation packages in under 60 seconds. No agents required - completely agentless scanning that works across Rockwell Automation deployments.
Free vulnerability database: Access detailed information about every Rockwell Automation CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.