Rockwell Automation

All CVEs

321 total · sorted by risk
  • CVE-2025-9282 · Jan 20, 2026
    risk 0.00 · cvss · epss 0.01

    A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive limited storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.

  • CVE-2025-9281 · Jan 20, 2026
    risk 0.00 · cvss · epss 0.01

    A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive step limit storm tests, the device reboots

  • CVE-2025-9280 · Jan 20, 2026
    risk 0.00 · cvss · epss 0.00

    A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. Fuzzing performed using Defensics causes the device to become unresponsive, requiring a reboot.

  • CVE-2025-9279 · Jan 20, 2026
    risk 0.00 · cvss · epss 0.01

    A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limit Storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.

  • CVE-2025-9278 · Jan 20, 2026
    risk 0.00 · cvss · epss 0.00

    A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. After running a Burp Suite active scan, the device loses ICMP connectivity, causing the web application to become inaccessible.

  • CVE-2025-9466 · Jan 20, 2026
    risk 0.00 · cvss · epss 0.01

    A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP and CIP grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.

  • CVE-2025-9465 · Jan 20, 2026
    risk 0.00 · cvss · epss 0.00

    A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.

  • CVE-2025-9464 · Jan 20, 2026
    risk 0.00 · cvss · epss 0.00

    A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. This vulnerability is triggered during fuzzing of multiple CIP classes, which causes the CIP port to become unresponsive.

  • CVE-2025-11918 · Nov 14, 2025
    risk 0.00 · cvss · epss 0.00

    Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting…

  • CVE-2025-9067 · Oct 14, 2025
    risk 0.00 · cvss · epss 0.00

    A security issue exists within the x86 Microsoft Installer File (MSI), installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with…

  • CVE-2025-9068 · Oct 14, 2025
    risk 0.00 · cvss · epss 0.00

    A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality, installed with FTLinx. Authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for…

  • CVE-2025-9064 · Oct 14, 2025
    risk 0.00 · cvss · epss 0.01

    A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panel's operating system. Exploitation of this vulnerability is dependent on the knowledge of…

  • CVE-2025-9063 · Oct 14, 2025
    risk 0.00 · cvss · epss 0.00

    An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic…

  • CVE-2025-9161 · Sep 9, 2025
    risk 0.00 · cvss · epss 0.01

    A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquitto plugins, which can be used to achieve remote code execution.

  • CVE-2025-9065 · Sep 9, 2025
    risk 0.00 · cvss · epss 0.00

    A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM…

  • CVE-2025-7970 · Sep 9, 2025
    risk 0.00 · cvss · epss 0.00

    A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.

  • CVE-2025-9166 · Sep 9, 2025
    risk 0.00 · cvss · epss 0.00

    A denial-of-service security issue exists in the affected product and version. The security issue stems from the controller repeatedly attempting to forward messages. The issue could result in a major nonrecoverable fault on the controller.

  • CVE-2025-8007 · Sep 9, 2025
    risk 0.00 · cvss · epss 0.00

    A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of device availability.

  • CVE-2025-8008 · Sep 9, 2025
    risk 0.00 · cvss · epss 0.01

    A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash.

  • CVE-2025-7972 · Aug 14, 2025
    risk 0.00 · cvss · epss 0.00

    A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers.

  • CVE-2025-7033 · Aug 5, 2025
    risk 0.00 · cvss · epss 0.00

    A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute…

  • CVE-2025-7032 · Aug 5, 2025
    risk 0.00 · cvss · epss 0.00

    A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute…

  • CVE-2025-7025 · Aug 5, 2025
    risk 0.00 · cvss · epss 0.00

    A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute…

  • CVE-2025-6376 · Jul 9, 2025
    risk 0.00 · cvss · epss 0.00

    A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the…

  • CVE-2025-6377 · Jul 9, 2025
    risk 0.00 · cvss · epss 0.00

    A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the…

  • CVE-2025-3618 · Apr 15, 2025
    risk 0.00 · cvss · epss 0.01

    A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.

  • CVE-2025-3617 · Apr 15, 2025
    risk 0.00 · cvss · epss 0.00

    A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat…

  • CVE-2025-3289 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the…

  • CVE-2025-3288 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose…

  • CVE-2025-3287 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the…

  • CVE-2025-3286 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose…

  • CVE-2025-3285 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose…

  • CVE-2025-2829 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose…

  • CVE-2025-2293 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose…

  • CVE-2025-2288 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose…

  • CVE-2025-2287 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To…

  • CVE-2025-2286 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To…

  • CVE-2025-2285 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To…

  • CVE-2025-0477 · Jan 30, 2025
    risk 0.00 · cvss · epss 0.00

    An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application.

  • CVE-2025-0497 · Jan 30, 2025
    risk 0.00 · cvss · epss 0.00

    A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or…

  • CVE-2025-0498 · Jan 30, 2025
    risk 0.00 · cvss · epss 0.00

    A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a token and impersonate…

  • CVE-2024-11364 · Dec 19, 2024
    risk 0.00 · cvss · epss 0.00

    Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage…

  • CVE-2024-12672 · Dec 19, 2024
    risk 0.00 · cvss · epss 0.00

    A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this…

  • CVE-2024-12175 · Dec 19, 2024
    risk 0.00 · cvss · epss 0.00

    Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this…

  • CVE-2024-11157 · Dec 19, 2024
    risk 0.00 · cvss · epss 0.00

    A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this…

  • CVE-2024-12130 · Dec 5, 2024
    risk 0.00 · cvss · epss 0.00

    An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of allocated memory. If exploited, a threat actor could leverage this…

  • CVE-2024-11158 · Dec 5, 2024
    risk 0.00 · cvss · epss 0.00

    An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it is initialized. If exploited, a threat actor could leverage…

  • CVE-2024-11156 · Dec 5, 2024
    risk 0.00 · cvss · epss 0.00

    An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute…

  • CVE-2024-11155 · Dec 5, 2024
    risk 0.00 · cvss · epss 0.00

    A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to…

  • CVE-2024-37365 · Nov 12, 2024
    risk 0.00 · cvss · epss 0.00

    A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this…
