VYPR
Vendor: Rockwell Automation

Products: 178 | CVEs: 321 | Across products: 381 | Status: Private

Recent CVEs

  • CVE-2010-2965 | Cri | Aug 5, 2010
    risk 0.68 | cvss 9.8 | epss 0.58

    The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls,…

  • CVE-2017-16740 | Cri | Jan 9, 2018
    risk 0.66 | cvss 10.0 | epss 0.07

    A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

  • CVE-2016-9343 | Cri | Feb 13, 2017
    risk 0.66 | cvss 10.0 | epss 0.10

    An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able…

  • CVE-2018-14829 | Cri | Sep 20, 2018
    risk 0.65 | cvss 9.8 | epss 0.16

    Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential…

  • CVE-2020-6990 | Cri | Mar 16, 2020
    risk 0.64 | cvss 9.8 | epss 0.04

    Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the…

  • CVE-2017-7903 | Cri | Jun 30, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series…

  • CVE-2017-7902 | Cri | Jun 30, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions;…

  • CVE-2017-7899 | Cri | Jun 30, 2017
    risk 0.64 | cvss 9.8 | epss 0.05

    An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A…

  • CVE-2017-7898 | Cri | Jun 30, 2017
    risk 0.64 | cvss 9.8 | epss 0.05

    An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and…

  • CVE-2016-4522 | Cri | Jul 28, 2016
    risk 0.64 | cvss 9.8 | epss 0.06

    SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-0868 | Cri | Jan 28, 2016
    risk 0.64 | cvss 9.8 | epss 0.07

    Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request.

  • CVE-2015-6490 | Cri | Oct 28, 2015
    risk 0.64 | cvss 9.8 | epss 0.07

    Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2012-6437 | Cri | Jan 24, 2013
    risk 0.64 | cvss 9.8 | epss 0.10

    The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability,…

  • CVE-2025-7353 | Cri | Aug 14, 2025
    risk 0.61 | cvss | epss 0.01

    A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution…

  • CVE-2024-12372 | Cri | Dec 18, 2024
    risk 0.61 | cvss | epss 0.01

    A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution…

  • CVE-2025-13036 | Cri | Jun 16, 2026
    risk 0.60 | cvss | epss 0.00

    An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token.

  • CVE-2024-12373 | Cri | Dec 18, 2024
    risk 0.60 | cvss | epss 0.01

    A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.

  • CVE-2024-12371 | Cri | Dec 18, 2024
    risk 0.60 | cvss | epss 0.01

    A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating…

  • CVE-2026-0647 | Hig | Jun 16, 2026
    risk 0.57 | cvss | epss 0.00

    An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any…

  • CVE-2026-0646 | Hig | Jun 16, 2026
    risk 0.57 | cvss | epss 0.00

    A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to…