cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-37369,https://securityvulnerability.io/vulnerability/CVE-2024-37369,Privilege Escalation Vulnerability Allows Low-Privilege Users to Bypass Access Control Lists,"A privilege escalation vulnerability is present in Rockwell Automation software that enables low-privilege users to modify scripts. This exploit circumvents established Access Control Lists (ACLs), which may result in unauthorized access and actions within the system. The impact of this vulnerability can lead to severe security risks, as it allows attackers to gain elevated privileges and control over sensitive system functionalities.",Rockwell Automation,Factorytalk® View Se,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-06-14T16:50:20.187Z,0
CVE-2024-37368,https://securityvulnerability.io/vulnerability/CVE-2024-37368,Remote User Authentication Vulnerability in FactoryTalk® View SE Allows Unauthorized Access to HMI Projects,"A user authentication flaw in Rockwell Automation's FactoryTalk® View SE allows unauthorized users from a remote system to send packets and access HMI projects without sufficient authentication checks. This oversight poses a significant risk, enabling potential exposure of critical data without proper safeguards.",Rockwell Automation,Factorytalk® View Se,7.5,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-06-14T14:30:53.422Z,0
CVE-2024-37367,https://securityvulnerability.io/vulnerability/CVE-2024-37367,Remote User Authentication Vulnerability in FactoryTalk® View SE v12 Allows Unauthorized Access to HMI Projects,"A user authentication vulnerability exists in Rockwell Automation's FactoryTalk® View SE v12, allowing unauthorized access to HMI projects. A remote system leveraging the FTView protocol can send packets to the customer’s server, enabling the viewing of sensitive project data without appropriate authentication checks. This flaw highlights the need for stricter security measures to protect industrial automation environments from unauthorized access and potential exploitation.",Rockwell Automation,Factorytalk® View Se,7.5,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-06-14T14:17:54.951Z,0
CVE-2024-4609,https://securityvulnerability.io/vulnerability/CVE-2024-4609,Rockwell Automation FactoryTalk® View SE Vulnerability Could Lead to Data Exposure and Modification,"A vulnerability in Rockwell Automation's FactoryTalk® View SE Datalog function allows attackers to inject malicious SQL statements into the system. This can occur if the SQL database lacks authentication or if legitimate credentials are compromised. Exploiting this vulnerability may lead to the exposure of sensitive information and potentially allow attackers to modify or delete data in a remote database. It is important to note that the impact of the attack would only affect the HMI design environment, not the runtime operations.",Rockwell Automation,Factorytalk® View Se,9.8,CRITICAL,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-05-16T15:13:45.048Z,0
CVE-2020-14480,https://securityvulnerability.io/vulnerability/CVE-2020-14480,Local Credential Exposure in Windows Logon due to Memory Weakness,"A significant vulnerability exists due to usernames and passwords being stored in plaintext within Random Access Memory (RAM). This weakness could allow a local, authenticated attacker to access sensitive credentials, including those required for Windows Logon, potentially compromising the security of the affected systems.",Rockwell Automation,Factorytalk View Se,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-02-24T19:15:00.000Z,0
CVE-2020-14481,https://securityvulnerability.io/vulnerability/CVE-2020-14481,Weak Encryption Vulnerability in FactoryTalk View SE DeskLock Tool,"The DeskLock tool in FactoryTalk View SE is susceptible to a vulnerability due to the use of a weak encryption algorithm. This flaw allows a local, authenticated attacker to potentially decipher sensitive user credentials, which may include Windows user and DeskLock passwords. In instances where the compromised account contains administrative privileges, attackers could exploit this vulnerability to gain comprehensive access to the affected operating system and certain components of FactoryTalk View SE, posing significant security risks.",Rockwell Automation,Factorytalk View Se,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-02-24T19:15:00.000Z,0
CVE-2020-12028,https://securityvulnerability.io/vulnerability/CVE-2020-12028,Rockwell Automation FactoryTalk View SE,"In all versions of FactoryTalk View SE, a remote, authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.",Rockwell Automation,Factorytalk View Se,7.3,HIGH,0.15672999620437622,false,,false,false,false,,,false,false,,2020-07-20T16:15:00.000Z,0
CVE-2020-12027,https://securityvulnerability.io/vulnerability/CVE-2020-12027,Rockwell Automation FactoryTalk View SE,"All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.",Rockwell Automation,Factorytalk View Se,4.3,MEDIUM,0.04326999932527542,false,,false,false,false,,,false,false,,2020-07-20T16:15:00.000Z,0
CVE-2020-12031,https://securityvulnerability.io/vulnerability/CVE-2020-12031,Rockwell Automation FactoryTalk View SE,"In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Automation recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.",Rockwell Automation,Factorytalk View Se,7.5,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2020-07-20T16:15:00.000Z,0
CVE-2020-12029,https://securityvulnerability.io/vulnerability/CVE-2020-12029,Rockwell Automation FactoryTalk View SE,"All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.",Rockwell Automation,Factorytalk View Se,9,CRITICAL,0.06696999818086624,false,,false,false,false,,,false,false,,2020-07-20T15:15:00.000Z,0