VYPR

Studio 5000 Logix Designer

by Rockwellautomation

CVEs (8)

  • CVE-2021-22681CriKEVMar 3, 2021
    risk 0.78cvss 9.8epss 0.25

    Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580;…

  • CVE-2022-1161CriApr 11, 2022
    risk 0.65cvss 10.0epss 0.05

    An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an…

  • CVE-2025-9437HigOct 14, 2025
    risk 0.57cvss epss 0.00

    A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model (COM) methods.

  • CVE-2019-25276HigFeb 5, 2026
    risk 0.51cvss 7.8epss 0.00

    Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell…

  • CVE-2022-1159HigApr 1, 2022
    risk 0.50cvss 7.7epss 0.03

    Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user.

  • CVE-2025-7971HigAug 14, 2025
    risk 0.47cvss epss 0.00

    A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; However, it may be possible to execute malicious code without triggering a crash.

  • CVE-2020-12038MedMay 19, 2020
    risk 0.36cvss 5.5epss 0.03

    Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer…

  • CVE-2020-12025LowJul 14, 2020
    risk 0.22cvss 3.3epss 0.02

    Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program.