cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0477,https://securityvulnerability.io/vulnerability/CVE-2025-0477,Weak Encryption Vulnerability in Rockwell Automation FactoryTalk® AssetCentre,"An encryption vulnerability has been identified in Rockwell Automation's FactoryTalk® AssetCentre, affecting all versions prior to V15.00.001. This issue arises from a weak encryption methodology, which could potentially enable threat actors to extract user passwords. Organizations using vulnerable versions are urged to upgrade promptly to safeguard sensitive data and maintain the integrity of their operations.",Rockwell Automation,Factorytalk® Assetcentre,9.3,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T17:49:03.933Z,185
CVE-2025-0497,https://securityvulnerability.io/vulnerability/CVE-2025-0497,Data Exposure Vulnerability in Rockwell Automation FactoryTalk® AssetCentre,"A vulnerability exists in previous versions of Rockwell Automation's FactoryTalk® AssetCentre, where sensitive credentials are improperly stored in the configuration files of various packages, including EventLogAttachmentExtractor and ArchiveExtractor. This could potentially allow unauthorized access to critical information, compromising the integrity and confidentiality of sensitive data.",Rockwell Automation,Factorytalk® Assetcentre,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T17:40:51.775Z,0
CVE-2025-0498,https://securityvulnerability.io/vulnerability/CVE-2025-0498,Data Exposure Vulnerability in Rockwell Automation FactoryTalk® AssetCentre,"A data exposure vulnerability exists in all versions of Rockwell Automation FactoryTalk® AssetCentre prior to V15.00.001. This issue stems from the insecure storage of FactoryTalk® Security user tokens.
As a result, malicious actors could potentially exploit this vulnerability to steal user tokens, thereby impersonating other users and gaining unauthorized access to sensitive information.",Rockwell Automation,Factorytalk® Assetcentre,7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T17:36:12.542Z,0
CVE-2025-24482,https://securityvulnerability.io/vulnerability/CVE-2025-24482,Local Code Injection Vulnerability in Rockwell Automation Products,"A significant local code injection vulnerability has been identified in the FactoryTalk Services Platform. This issue arises from incorrect default permissions, enabling the execution of DLL files with escalated privileges. This behavior poses a risk of unauthorized code execution, potentially compromising system integrity and security. Users are advised to review their configurations and apply necessary updates to mitigate the potential risks associated with this vulnerability.",Rockwell Automation,Factorytalk® View Site Edition,7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T20:59:50.868Z,0
CVE-2025-24481,https://securityvulnerability.io/vulnerability/CVE-2025-24481,Incorrect Permission Assignment Vulnerability in Rockwell Automation Products,"A vulnerability has been identified in Rockwell Automation’s Remote Debugger that stems from improper permission assignments to its remote debugger port.
This oversight can result in unauthenticated access to sensitive system configurations, potentially allowing unauthorized users to manipulate system settings and increase the risk of exploitative actions within the environment.",Rockwell Automation,Factorytalk® View Site Edition,7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T20:55:54.833Z,0
CVE-2025-24480,https://securityvulnerability.io/vulnerability/CVE-2025-24480,Remote Code Execution Vulnerability in Rockwell Automation Product,"A significant remote code execution vulnerability has been identified in Rockwell Automation's industrial software. This issue arises from inadequate input sanitization processes, which could be exploited by a remote attacker to execute arbitrary commands or code with elevated privileges. As a result, this vulnerability poses serious risks, making it essential for affected users to take immediate action to secure their systems against potential exploitation.",Rockwell Automation,Factorytalk® View Machine Edition,9.3,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T19:01:41.484Z,0
CVE-2025-24479,https://securityvulnerability.io/vulnerability/CVE-2025-24479,Local Code Execution Vulnerability in Windows by Rockwell Automation,"A Local Code Execution vulnerability exists in Windows products due to a default setting, potentially allowing attackers to gain elevated access to the Command Prompt.
This vulnerability compromises system integrity and opens up avenues for unauthorized operations, making it critical for users to apply the necessary patches and mitigate risks as outlined by Rockwell Automation in their advisory.",Rockwell Automation,Factorytalk View Machine Edition,8.6,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T18:52:18.429Z,0
CVE-2025-24478,https://securityvulnerability.io/vulnerability/CVE-2025-24478,Denial-of-Service Vulnerability in Rockwell Automation Products,"A denial-of-service vulnerability has been identified within Rockwell Automation products that allows remote, non-privileged users to exploit the system. By sending specially crafted requests, an attacker could trigger a nonrecoverable fault, rendering the affected system inoperable. This vulnerability poses significant risks to operational continuity, emphasizing the need for immediate remediation to safeguard against potential exploitation.",Rockwell Automation,"Guardlogix 5580 Sil 3,Compact Guardlogix 5380 Sil 3",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T18:41:30.887Z,0
CVE-2025-0631,https://securityvulnerability.io/vulnerability/CVE-2025-0631,Credential Exposure Vulnerability in Rockwell Automation Products,"A credential exposure vulnerability in Rockwell Automation products occurs when sensitive information is transmitted using HTTP. This practice leads to credentials being sent in clear text, making them susceptible to interception by malicious actors.
Organizations using affected Rockwell Automation products must ensure secure communication protocols are in place to safeguard against potential exploits.",Rockwell Automation,Powerflex 755,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T18:27:32.084Z,0
CVE-2025-0659,https://securityvulnerability.io/vulnerability/CVE-2025-0659,Path Traversal Vulnerability in Rockwell Automation DataEdge Platform,"A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud, enabling threat actors with admin privileges to exploit the vulnerable endpoint. By providing a specific character sequence in the request body, these actors can manipulate the file system, leading to the potential overwriting of sensitive files, including user reports and projects, beyond the intended directory. This vulnerability poses risks for data integrity and security, necessitating immediate attention from administrators.",Rockwell Automation,Dataedgeplatform Datamosaix™ Private Cloud,7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T15:16:38.188Z,0
CVE-2024-11364,https://securityvulnerability.io/vulnerability/CVE-2024-11364,Code Execution Vulnerability Affecting Rockwell Automation Arena,"CVE-2024-11364 is a high-risk code execution vulnerability identified in Rockwell Automation's Arena® software. This vulnerability arises from an uninitialized variable that can be exploited by threat actors to execute arbitrary code. An attacker can craft a malicious DOE file that necessitates execution by a legitimate user, leading to potential unauthorized actions within the software environment. Due to the nature of this vulnerability, it represents a significant threat to the integrity and security of systems utilizing Arena® without adequate mitigations.
Users are strongly advised to apply security patches and follow best practices to safeguard their systems.",Rockwell Automation,Arena®,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T21:04:52.473Z,0
CVE-2024-12672,https://securityvulnerability.io/vulnerability/CVE-2024-12672,Memory Corruption Vulnerability in Rockwell Automation Arena Products,"CVE-2024-12672 identifies a severe memory corruption vulnerability within Rockwell Automation's Arena® software. This flaw allows a malicious actor to write data beyond allocated memory boundaries in a DOE file. Successful exploitation requires a legitimate user to execute a specially crafted payload, potentially enabling arbitrary code execution. Organizations utilizing affected versions of Arena® should promptly apply security patches to mitigate the risk associated with this vulnerability.",Rockwell Automation,Arena®,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T20:58:29.049Z,0
CVE-2024-12175,https://securityvulnerability.io/vulnerability/CVE-2024-12175,Exploring Code Execution Vulnerabilities in Rockwell Automation Arena®,"CVE-2024-12175 is a high-risk vulnerability classified as a 'use after free' code execution flaw affecting Rockwell Automation's Arena® software. This vulnerability allows a threat actor to manipulate the software by crafting a malformed DOE file that exploits a previously released resource. If successfully executed, this could permit the adversary to run arbitrary code within the application environment. To execute this exploit, the victim, typically a legitimate user, must unknowingly run the malicious code provided by the attacker.
The implications of this vulnerability can lead to severe security breaches, making it essential for users to apply the latest security patches and remain vigilant against such exploits.",Rockwell Automation,Arena®,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-12-19T20:53:22.926Z,0
CVE-2024-11157,https://securityvulnerability.io/vulnerability/CVE-2024-11157,Memory Boundary Vulnerability in Rockwell Automation Arena Software,"CVE-2024-11157 is a significant vulnerability found in Rockwell Automation Arena®, a simulation software widely used in industrial settings. This flaw allows attackers to conduct memory boundary violations when processing certain DOE files, enabling them to execute arbitrary code with the privileges of a legitimate user. The exploitation of this vulnerability requires an unsuspecting user to run malicious code crafted by the threat actor, potentially leading to severe data breaches or operational disruptions. Users of the affected versions should apply security patches immediately to mitigate risks.",Rockwell Automation,Arena®,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T20:48:35.802Z,0
CVE-2024-12371,https://securityvulnerability.io/vulnerability/CVE-2024-12371,Device Takeover Vulnerability in Rockwell Automation Power Monitor 1000,"A serious device takeover vulnerability in the Rockwell Automation Power Monitor 1000 enables unauthorized configuration of a new Policyholder user through an API without authentication. The Policyholder role possesses the highest level of privileges, granting the ability to create admin users, edit settings, and even perform factory resets.
This flaw poses a significant risk to system integrity and requires immediate attention to secure affected installations.",Rockwell Automation,Power Monitor 1000,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-18T16:15:00.000Z,0
CVE-2024-12373,https://securityvulnerability.io/vulnerability/CVE-2024-12373,Denial-of-Service Vulnerability in Rockwell Automation Power Monitor 1000,"A denial-of-service vulnerability has been identified in the Rockwell Automation Power Monitor 1000, stemming from a buffer overflow issue. This vulnerability may allow attackers to disrupt the normal operation of the device, potentially making it unavailable for legitimate users and affecting overall system performance. Users are encouraged to apply the necessary security measures to safeguard their systems against this threat.",Rockwell Automation,Power Monitor 1000,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-18T16:15:00.000Z,0
CVE-2024-12372,https://securityvulnerability.io/vulnerability/CVE-2024-12372,Denial-of-Service and Remote Code Execution Vulnerability in Rockwell Automation Power Monitor 1000,"An identified vulnerability in the Rockwell Automation Power Monitor 1000 can lead to heap memory corruption, causing the system's integrity to be at risk. This may allow attackers the potential to execute arbitrary code remotely or disrupt services through denial-of-service attacks, severely impacting operational efficiency and security.
Users of the affected product should assess their risk and consider implementing recommended security practices to address this vulnerability.",Rockwell Automation,Power Monitor 1000,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-18T16:15:00.000Z,0
CVE-2024-12130,https://securityvulnerability.io/vulnerability/CVE-2024-12130,Threat Actor Could Execute Arbitrary Code via Out of Bounds Read Vulnerability in Rockwell Automation Arena®,"An out of bounds read vulnerability in Rockwell Automation Arena allows a targeted attacker to craft a malicious DOE file that prompts the software to access memory beyond its allocated limits. This situation could be exploited to execute arbitrary code if a legitimate user unwittingly runs the compromised file. This vulnerability highlights the potential dangers associated with improperly handled memory access in software applications, urging users to remain vigilant and apply necessary security measures as soon as updates become available.",Rockwell Automation,Arena®,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-12-05T17:47:21.917Z,0
CVE-2024-11158,https://securityvulnerability.io/vulnerability/CVE-2024-11158,Variable Uninitialized: A Threat to Software Security,"An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code.
To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.",Rockwell Automation,Arena®,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T17:41:57.954Z,0
CVE-2024-11156,https://securityvulnerability.io/vulnerability/CVE-2024-11156,"Threat Actor Could Write Beyond Memory Boundaries in Rockwell Automation Arena®, Executing Arbitrary Code","A vulnerability exists in Rockwell Automation Arena® that permits an out of bounds write condition, potentially leading to arbitrary code execution. This flaw allows a threat actor, with access to a legitimate user's environment, to craft malicious code that, when executed, can write beyond the limits of allocated memory in a DOE file. Exploitation of this vulnerability requires that the user runs the compromised code, underscoring the importance of user awareness and stringent security practices to mitigate risks.",Rockwell Automation,Arena®,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-12-05T17:37:09.718Z,0
CVE-2024-11155,https://securityvulnerability.io/vulnerability/CVE-2024-11155,Threat Actor Could Execute Arbitrary Code via 'Use After Free' Vulnerability in Rockwell Automation Arena®,"A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code.
To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.",Rockwell Automation,Arena®,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T17:32:22.847Z,0
CVE-2024-6068,https://securityvulnerability.io/vulnerability/CVE-2024-6068,Memory Corruption Vulnerability in Rockwell Automation Products,"A memory corruption issue exists within Rockwell Automation products that affects the parsing of DFT files. Local malicious actors can exploit this vulnerability by enticing legitimate users to open specially crafted DFT files. This can lead to unauthorized information disclosure and the execution of arbitrary code, posing significant security risks to the affected systems.",Rockwell Automation,Studio 5000 Logix Designer,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-14T17:15:00.000Z,0
CVE-2024-10944,https://securityvulnerability.io/vulnerability/CVE-2024-10944,Remote Code Execution Vulnerability in Rockwell Automation Products,"A vulnerability has been identified in certain Rockwell Automation products that allows for Remote Code Execution due to inadequate input validation processes. This issue can be exploited by an entity with elevated permissions, enabling the potential deployment of a malicious Updated Agent. Organizations utilizing these products should assess their systems for any risks associated with this vulnerability and implement necessary security measures.",Rockwell Automation,Various Rockwell Automation Products,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T17:15:00.000Z,0
CVE-2024-10943,https://securityvulnerability.io/vulnerability/CVE-2024-10943,Authentication Bypass Vulnerability in Rockwell Automation Products,"An authentication bypass vulnerability has been identified in Rockwell Automation's software, stemming from shared secrets across user accounts.
This vulnerability could allow an attacker to impersonate legitimate users by exploiting their ability to gather additional information during the authentication process, potentially leading to unauthorized access and manipulation of sensitive data.",Rockwell Automation,Rockwell Automation Software,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T17:15:00.000Z,0
CVE-2024-10945,https://securityvulnerability.io/vulnerability/CVE-2024-10945,Local Privilege Escalation Vulnerability in Rockwell Automation Products,"A Local Privilege Escalation vulnerability has been identified in select products from Rockwell Automation. This flaw allows a local attacker with low privileges to exploit the vulnerability by replacing specific files during an update process. The underlying issue stems from inadequate security checks prior to the installation, enabling potential unauthorized access and control. Organizations using affected versions must prioritize audit and remediation efforts to safeguard against unauthorized alterations that could compromise system integrity.",Rockwell Automation,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T17:15:00.000Z,0