Rockwellautomation Factorytalk_services_platform
13 CVEs affecting Rockwellautomation Factorytalk_services_platform. Latest disclosed: 2024-02-16. Critical: 5, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-14516 | Critical | 10.0 | 2021-03-18 | In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm w… |
| CVE-2024-21917 | Critical | 9.8 | 2024-01-31 | A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authenticat… |
| CVE-2021-22681 | Critical | 9.8 | 2021-03-03 | Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communi… |
| CVE-2020-6967 | Critical | 9.8 | 2020-03-23 | In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .N… |
| CVE-2024-21915 | Critical | 9.0 | 2024-02-16 | A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group… |
| CVE-2020-12033 | High | 8.8 | 2020-06-23 | In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which co… |
| CVE-2021-32960 | High | 8.5 | 2022-04-01 | Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a… |
| CVE-2023-46290 | High | 8.1 | 2023-10-27 | Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Servic… |
| CVE-2018-18981 | High | 7.5 | 2019-01-24 | In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports r… |
| CVE-2020-14478 | High | 7.1 | 2022-02-24 | A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A succe… |
| CVE-2014-9209 | | | 2015-03-31 | Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View S… |
| CVE-2012-4714 | | | 2013-04-18 | Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9… |
| CVE-2012-4713 | | | 2013-04-18 | Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-S… |