cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24482,https://securityvulnerability.io/vulnerability/CVE-2025-24482,Local Code Injection Vulnerability in Rockwell Automation Products,"A significant local code injection vulnerability has been identified in the FactoryTalk Services Platform. This issue arises from incorrect default permissions, enabling the execution of DLL files with escalated privileges. This behavior poses a risk of unauthorized code execution, potentially compromising system integrity and security. Users are advised to review their configurations and apply necessary updates to mitigate the potential risks associated with this vulnerability.",Rockwell Automation,Factorytalk® View Site Edition,7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T20:59:50.868Z,0
CVE-2025-24481,https://securityvulnerability.io/vulnerability/CVE-2025-24481,Incorrect Permission Assignment Vulnerability in Rockwell Automation Products,"A vulnerability has been identified in Rockwell Automation’s Remote Debugger that stems from improper permission assignments to its remote debugger port. This oversight can result in unauthenticated access to sensitive system configurations, potentially allowing unauthorized users to manipulate system settings and increase the risk of exploitative actions within the environment.",Rockwell Automation,Factorytalk® View Site Edition,7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T20:55:54.833Z,0
CVE-2025-24480,https://securityvulnerability.io/vulnerability/CVE-2025-24480,Remote Code Execution Vulnerability in Rockwell Automation Product,"A significant remote code execution vulnerability has been identified in Rockwell Automation's industrial software. This issue arises from inadequate input sanitization processes, which could be exploited by a remote attacker to execute arbitrary commands or code with elevated privileges. As a result, this vulnerability poses serious risks, making it essential for affected users to take immediate action to secure their systems against potential exploitation.",Rockwell Automation,Factorytalk® View Machine Edition,9.3,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:01:41.484Z,0
CVE-2025-24479,https://securityvulnerability.io/vulnerability/CVE-2025-24479,Local Code Execution Vulnerability in Windows by Rockwell Automation,"A Local Code Execution vulnerability exists in Windows products due to a default setting, potentially allowing attackers to gain elevated access to the Command Prompt. This vulnerability compromises system integrity and opens up avenues for unauthorized operations, making it critical for users to apply the necessary patches and mitigate risks as outlined by Rockwell Automation in their advisory.",Rockwell Automation,Factorytalk View Machine Edition,8.6,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T18:52:18.429Z,0
CVE-2024-45824,https://securityvulnerability.io/vulnerability/CVE-2024-45824,Remote Code Execution Vulnerability in Rockwell Automation Products,"A significant remote code execution vulnerability exists in certain Rockwell Automation products. This vulnerability is particularly dangerous as it can be exploited through a combination of Path Traversal, Command Injection, and Cross-Site Scripting (XSS) vulnerabilities. Successful exploitation enables an attacker to execute arbitrary code on the affected systems without requiring authentication, potentially leading to unauthorized access and control over critical systems. Users are urged to review the provided mitigation guidelines to safeguard against this vulnerability.",Rockwell Automation,Factorytalk View,9.8,CRITICAL,0.001019999966956675,false,,false,false,false,,,false,false,,2024-09-12T14:16:00.000Z,0
CVE-2024-37369,https://securityvulnerability.io/vulnerability/CVE-2024-37369,Privilege Escalation Vulnerability Allows Low-Privilege Users to Bypass Access Control Lists,"A privilege escalation vulnerability is present in Rockwell Automation software that enables low-privilege users to modify scripts. This exploit circumvents established Access Control Lists (ACLs), which may result in unauthorized access and actions within the system. The impact of this vulnerability can lead to severe security risks, as it allows attackers to gain elevated privileges and control over sensitive system functionalities.",Rockwell Automation,Factorytalk® View Se,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-06-14T16:50:20.187Z,0
CVE-2024-37368,https://securityvulnerability.io/vulnerability/CVE-2024-37368,Remote User Authentication Vulnerability in FactoryTalk® View SE Allows Unauthorized Access to HMI Projects,"A user authentication flaw in Rockwell Automation's FactoryTalk® View SE allows unauthorized users from a remote system to send packets and access HMI projects without sufficient authentication checks. This oversight poses a significant risk, enabling potential exposure of critical data without proper safeguards.",Rockwell Automation,Factorytalk® View Se,7.5,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-06-14T14:30:53.422Z,0
CVE-2024-37367,https://securityvulnerability.io/vulnerability/CVE-2024-37367,Remote User Authentication Vulnerability in FactoryTalk® View SE v12 Allows Unauthorized Access to HMI Projects,"A user authentication vulnerability exists in Rockwell Automation's FactoryTalk® View SE v12, allowing unauthorized access to HMI projects. A remote system leveraging the FTView protocol can send packets to the customer’s server, enabling the viewing of sensitive project data without appropriate authentication checks. This flaw highlights the need for stricter security measures to protect industrial automation environments from unauthorized access and potential exploitation.",Rockwell Automation,Factorytalk® View Se,7.5,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-06-14T14:17:54.951Z,0
CVE-2024-4609,https://securityvulnerability.io/vulnerability/CVE-2024-4609,Rockwell Automation FactoryTalk® View SE Vulnerability Could Lead to Data Exposure and Modification,"A vulnerability in Rockwell Automation's FactoryTalk® View SE Datalog function allows attackers to inject malicious SQL statements into the system. This can occur if the SQL database lacks authentication or if legitimate credentials are compromised. Exploiting this vulnerability may lead to the exposure of sensitive information and potentially allow attackers to modify or delete data in a remote database. It is important to note that the impact of the attack would only affect the HMI design environment, not the runtime operations.",Rockwell Automation,Factorytalk® View Se,9.8,CRITICAL,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-05-16T15:13:45.048Z,0
CVE-2024-21914,https://securityvulnerability.io/vulnerability/CVE-2024-21914,Remote Terminal Restart Vulnerability Affects Rockwell Automation PanelView™ Plus 7,"A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product.",Rockwell Automation,Factorytalk® View Me,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-25T21:27:18.975Z,0
CVE-2023-46289,https://securityvulnerability.io/vulnerability/CVE-2023-46289,Rockwell Automation FactoryTalk® View Site Edition Vulnerable to Improper Input Validation,"Rockwell Automation's FactoryTalk View Site Edition exhibits insufficient validation of user input, which can be exploited by threat actors to send harmful data. This vulnerability has the potential to disrupt system availability, leading to a denial-of-service condition. In the event of exploitation, the affected system may require a restart for recovery, which poses significant risks to operational continuity.",Rockwell Automation,"FactoryTalk® View Site Edition",7.5,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-10-27T19:15:00.000Z,0
CVE-2020-14480,https://securityvulnerability.io/vulnerability/CVE-2020-14480,Local Credential Exposure in Windows Logon due to Memory Weakness,"A significant vulnerability exists due to usernames and passwords being stored in plaintext within Random Access Memory (RAM). This weakness could allow a local, authenticated attacker to access sensitive credentials, including those required for Windows Logon, potentially compromising the security of the affected systems.",Rockwell Automation,Factorytalk View Se,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-02-24T19:15:00.000Z,0
CVE-2020-14481,https://securityvulnerability.io/vulnerability/CVE-2020-14481,Weak Encryption Vulnerability in FactoryTalk View SE DeskLock Tool,"The DeskLock tool in FactoryTalk View SE is susceptible to a vulnerability due to the use of a weak encryption algorithm. This flaw allows a local, authenticated attacker to potentially decipher sensitive user credentials, which may include Windows user and DeskLock passwords. In instances where the compromised account contains administrative privileges, attackers could exploit this vulnerability to gain comprehensive access to the affected operating system and certain components of FactoryTalk View SE, posing significant security risks.",Rockwell Automation,Factorytalk View Se,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-02-24T19:15:00.000Z,0
CVE-2020-12031,https://securityvulnerability.io/vulnerability/CVE-2020-12031,Rockwell Automation FactoryTalk View SE,"In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Automation recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.",Rockwell Automation,Factorytalk View Se,7.5,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2020-07-20T16:15:00.000Z,0
CVE-2020-12028,https://securityvulnerability.io/vulnerability/CVE-2020-12028,Rockwell Automation FactoryTalk View SE,"In all versions of FactoryTalk View SE, a remote, authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.",Rockwell Automation,Factorytalk View Se,7.3,HIGH,0.15672999620437622,false,,false,false,false,,,false,false,,2020-07-20T16:15:00.000Z,0
CVE-2020-12027,https://securityvulnerability.io/vulnerability/CVE-2020-12027,Rockwell Automation FactoryTalk View SE,"All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.",Rockwell Automation,Factorytalk View Se,4.3,MEDIUM,0.04326999932527542,false,,false,false,false,,,false,false,,2020-07-20T16:15:00.000Z,0
CVE-2020-12029,https://securityvulnerability.io/vulnerability/CVE-2020-12029,Rockwell Automation FactoryTalk View SE,"All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.",Rockwell Automation,Factorytalk View Se,9,CRITICAL,0.06696999818086624,false,,false,false,false,,,false,false,,2020-07-20T15:15:00.000Z,0