Rockwellautomation 1756-eweb
8 CVEs affecting Rockwellautomation 1756-eweb. Latest disclosed: 2013-01-24. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2012-6437 | Critical | 9.8 | 2013-01-24 | The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a… |
| CVE-2012-6442 | High | 7.5 | 2013-01-24 | When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/… |
| CVE-2012-6438 | High | 7.5 | 2013-01-24 | The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 4481… |
| CVE-2012-6436 | High | 7.5 | 2013-01-24 | The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 4481… |
| CVE-2012-6435 | High | 7.5 | 2013-01-24 | When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/… |
| CVE-2012-6440 | Medium | 4.8 | 2013-01-24 | The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability… |
| CVE-2012-6441 | | | 2013-01-24 | An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818… |
| CVE-2012-6439 | | | 2013-01-24 | When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 448… |