Filtered by vendor Rockwellautomation
Subscriptions
Total
379 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0473 | 1 Rockwellautomation | 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge | 2026-04-23 | N/A |
| Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2009-3739 | 1 Rockwellautomation | 2 Ab Micrologix Controller 1100, Ab Micrologix Controller 1400 | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unknown vectors. | ||||
| CVE-2009-0472 | 1 Rockwellautomation | 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-0474 | 1 Rockwellautomation | 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge | 2026-04-23 | N/A |
| The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603. | ||||
| CVE-2025-9177 | 1 Rockwellautomation | 1 1715-aentr Ethernet/ip Adapter | 2026-04-15 | N/A |
| A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communication . A power cycle is required to recover and utilize the webpage. | ||||
| CVE-2025-14377 | 1 Rockwellautomation | 1 Verve Asset Manager | 2026-04-15 | N/A |
| A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in 2024. | ||||
| CVE-2025-7350 | 1 Rockwellautomation | 1 Stratix | 2026-04-15 | N/A |
| A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication. | ||||
| CVE-2025-7971 | 1 Rockwellautomation | 1 Studio 5000 Logix Designer | 2026-04-15 | N/A |
| A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; However, it may be possible to execute malicious code without triggering a crash. | ||||
| CVE-2024-7567 | 1 Rockwellautomation | 2 Micro850 Firmware, Micro870 Firmware | 2026-04-15 | N/A |
| A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration. | ||||
| CVE-2025-9160 | 1 Rockwellautomation | 2 Compactlogix, Compactlogix 5480 | 2026-04-15 | N/A |
| A code execution security issue exists in the affected product. An attacker with physical access could abuse the maintenance menu of the controller with a crafted payload. The security issue can result in arbitrary code execution. | ||||
| CVE-2025-7353 | 1 Rockwellautomation | 1 Controllogix | 2026-04-15 | N/A |
| A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow. | ||||
| CVE-2025-9036 | 1 Rockwellautomation | 1 Factorytalk Action Manager | 2026-04-15 | N/A |
| A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection. | ||||
| CVE-2025-9041 | 1 Rockwellautomation | 1 Flex 5000 Io | 2026-04-15 | N/A |
| A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle. | ||||
| CVE-2025-11743 | 1 Rockwellautomation | 1 Compactlogix 5370 | 2026-04-15 | N/A |
| A denial-of-service security issue in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault a restart is required to recover. | ||||
| CVE-2024-6079 | 1 Rockwellautomation | 1 Emulate3d | 2026-04-15 | N/A |
| A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. The application loads shared libraries, which are readable and writable by any user. If exploited, a malicious user could leverage a malicious dll and perform a remote code execution attack. | ||||
| CVE-2025-14027 | 1 Rockwellautomation | 1 Controllogix | 2026-04-15 | N/A |
| Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive and, in some cases, result in a major nonrecoverable fault. Recovery may require a restart. | ||||
| CVE-2025-11862 | 1 Rockwellautomation | 1 Verve Asset Manager | 2026-04-15 | N/A |
| A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API. | ||||
| CVE-2025-7973 | 1 Rockwellautomation | 1 Factorytalk View | 2026-04-15 | N/A |
| A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation. | ||||
| CVE-2025-9124 | 1 Rockwellautomation | 1 Compact Guardlogix 5370 | 2026-04-15 | N/A |
| A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected explicit message is sent. This can result in a major non-recoverable fault. | ||||
| CVE-2025-7773 | 1 Rockwellautomation | 1 Armorblock 5000 Io | 2026-04-15 | N/A |
| A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in session interval, making it predictable. | ||||