cvebase

Rockwell Automation FactoryTalk AssetCentre vulnerabilities

12 known vulnerabilities affecting rockwell_automation/factorytalk_assetcentre.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 1

Vulnerabilities

CVE-2021-27476 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, ≤ v10.00 | 2022-03-23
CWE-78: A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier.
Source: nvd
CVE-2021-27466 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, ≤ v10.00 | 2022-03-23
CWE-502: A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
Source: nvd
CVE-2021-27468 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, ≤ v10.00 | 2022-03-23
CWE-89: The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.
Source: nvd
CVE-2021-27464 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, ≤ v10.00 | 2022-03-23
CWE-89: The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.
Source: nvd
CVE-2021-27462 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, ≤ v10.00 | 2022-03-23
CWE-502: A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
Source: nvd
CVE-2021-27470 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, ≤ v10.00 | 2022-03-23
CWE-502: A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
Source: nvd
CVE-2021-27472 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, ≤ v10.00 | 2022-03-23
CWE-89: A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements.
Source: nvd
CVE-2021-27460 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, ≤ v10.00 | 2022-03-23
CWE-502: Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent
Source: nvd
CVE-2025-0498 | P3 | CRITICAL | CVSS 9.8 | All prior to V15.00.001 | 2025-01-30
CWE-522: A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a token and impersonate another user.
Source: nvd
CVE-2025-0497 | P3 | CRITICAL | CVSS 9.8 | All prior to V15.00.001 | 2025-01-30
CWE-522: A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages.
Source: nvd
CVE-2025-0477 | P3 | CRITICAL | CVSS 9.8 | All prior to V15.00.001 | 2025-01-30
CWE-522: An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application.
Source: nvd
CVE-2021-27474 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, ≤ v10.00 | 2022-03-23
CWE-676: Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre.
Source: nvd