Filtered by vendor Rockwellautomation
Subscribe
Filtered by product Factorytalk Assetcentre
Subscribe
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27476 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier. | |||||
| CVE-2021-27470 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | |||||
| CVE-2021-27460 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines. | |||||
| CVE-2021-27462 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | |||||
| CVE-2021-27472 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements. | |||||
| CVE-2021-27464 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
| CVE-2021-27474 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre. | |||||
| CVE-2021-27466 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | |||||
| CVE-2021-27468 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||