rockwellautomation factorytalk view - vulnerabilities and exploits
2.1
CVSSv2
CVE-2020-14480
Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials.
Rockwellautomation Factorytalk View
Rockwellautomation Factorytalk View 10.0
2.1
CVSSv2
CVE-2020-14481
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated malicious user to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account,...
Rockwellautomation Factorytalk View
Rockwellautomation Factorytalk View 10.0
6.9
CVSSv2
CVE-2014-9209
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform prior to 2.71.00 and FactoryTalk View Studio 8.00.00 and previous versions allows local users to gain privileges via a Trojan horse DLL in an unspecified dire...
Rockwellautomation Factorytalk Services Platform
Rockwellautomation Factorytalk View Studio
6.8
CVSSv2
CVE-2020-12029
All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends...
Rockwellautomation Factorytalk View -
4
CVSSv2
CVE-2020-12027
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features ...
Rockwellautomation Factorytalk View
5.5
CVSSv2
CVE-2020-12028
In all versions of FactoryTalk View SE, a remote, authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in securit...
Rockwellautomation Factorytalk View
4.6
CVSSv2
CVE-2020-12031
In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Automation recommends applying patch 1126290...
Rockwellautomation Factorytalk View
NA
CVE-2023-46289
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting i...
Rockwellautomation Factorytalk View
5
CVSSv2
CVE-2020-5807
An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens F...
Rockwellautomation Factorytalk Diagnostics
NA
CVE-2023-2071
Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user input, which allows an unauthenticated malicious user to achieve remote code execution via crafted malicious packets. The device has the functionality, through a CIP class, t...
Rockwellautomation Factorytalk View