cbcvebase.

Rockwellautomation Factorytalk Services Platform vulnerabilities

11 known vulnerabilities affecting rockwellautomation/factorytalk_services_platform.

Total CVEs
11
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH7MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2021-22681P1CRITICALCVSS 9.8KEV≥ 2.102021-03-03
CVE-2021-22681 [CRITICAL] CWE-522 CVE-2021-22681: Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 t Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 557
nvd
CVE-2020-14516P2CRITICALCVSS 10.0v6.10.00v6.11.002021-03-18
CVE-2020-14516 [CRITICAL] CWE-916 CVE-2020-14516: In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.
nvd
CVE-2021-32960P3HIGHCVSS 8.8≤ 6.11.002022-04-01
CVE-2021-32960 [HIGH] CWE-863 CVE-2021-32960: Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enab Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they we
nvd
CVE-2024-21917P3CRITICALCVSS 9.1≤ 6.31.002024-01-31
CVE-2024-21917 [CRITICAL] CWE-347 CVE-2024-21917: A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user informat
nvd
CVE-2024-21915P3HIGHCVSS 8.8fixed in 2.742024-02-16
CVE-2024-21915 [HIGH] CWE-732 CVE-2024-21915: A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (F A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTS
nvd
CVE-2023-46290P3HIGHCVSS 8.1fixed in 2.802023-10-27
CVE-2023-46290 [HIGH] CWE-287 CVE-2023-46290: Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the Fac
nvd
CVE-2018-18981P3HIGHCVSS 7.5≤ 2.902019-01-24
CVE-2018-18981 [HIGH] CWE-122 CVE-2018-18981: In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated atta In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services.
nvd
CVE-2012-4714P3HIGHCVSS 7.8vcpr92013-04-18
CVE-2012-4714 [HIGH] CWE-189 CVE-2012-4714: Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) C Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a large integer value.
nvd
CVE-2012-4713P4HIGHCVSS 7.8vcpr92013-04-18
CVE-2012-4713 [HIGH] CWE-189 CVE-2012-4713: Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a negative integer value.
nvd
CVE-2020-14478P4HIGHCVSS 7.1≤ 6.11.002022-02-24
CVE-2020-14478 [HIGH] CWE-611 CVE-2020-14478: A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly conf A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.
nvd
CVE-2014-9209P4MEDIUMCVSS 6.9≤ 2.70.002015-03-31
CVE-2014-9209 [MEDIUM] CVE-2014-9209: Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryT Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
nvd
Rockwellautomation Factorytalk Services Platform vulnerabilities | cvebase