rockwellautomation factorytalk services platform vulnerabilities and exploits

(subscribe to this query)

7.5

CVSSv2

In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.

Rockwellautomation Factorytalk Services Platform 6.10.00 Rockwellautomation Factorytalk Services Platform 6.11.00

6.9

CVSSv2

Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform prior to 2.71.00 and FactoryTalk View Studio 8.00.00 and previous versions allows local users to gain privileges via a Trojan horse DLL in an unspecified dire...

Rockwellautomation Factorytalk Services Platform Rockwellautomation Factorytalk View Studio

6

CVSSv2

Rockwell Automation FactoryTalk Services Platform v6.11 and previous versions, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated malicious user to bypass FactoryTalk Security policies based on the computer name. If suc...

Rockwellautomation Factorytalk Services Platform

5.6

CVSSv2

A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the malicious user to arbitrarily read any ...

Rockwellautomation Factorytalk Services Platform

5.8

CVSSv2

In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent malicious user to execute remote COM objects with elevated privileges.

Rockwellautomation Factorytalk Services Platform

NA

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directo...

Rockwellautomation Factorytalk Services Platform

10

CVSSv2

In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely deserialize untrusted data.

Rockwellautomation Factorytalk Services Platform -

NA

Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability...

Rockwellautomation Factorytalk Services Platform

7.8

CVSSv2

In Rockwell Automation FactoryTalk Services Platform 2.90 and previous versions, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affe...

Rockwellautomation Factorytalk Services Platform

7.8

CVSSv2

Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote malicious users to cause a denial of service (service outage or RNADiagReceive...

Rockwellautomation Factorytalk Services Platform Cpr9

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook