RSS   Vulnerabilities for 'Factorytalk assetcentre'   RSS

2022-03-23
 
CVE-2021-27460

CWE-502
 

 
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.

 
 
CVE-2021-27462

CWE-502
 

 
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.

 
 
CVE-2021-27464

CWE-89
 

 
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.

 
 
CVE-2021-27466

CWE-502
 

 
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.

 
 
CVE-2021-27468

CWE-89
 

 
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.

 
 
CVE-2021-27470

CWE-502
 

 
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.

 
 
CVE-2021-27472

CWE-89
 

 
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements.

 
 
CVE-2021-27474

CWE-863
 

 
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre.

 
 
CVE-2021-27476

CWE-78
 

 
A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier.

 

 >>> Vendor: Rockwellautomation 144 Products
Controllogix 1756-enbt/a ethernet/ ip bridge
Ab micrologix controller 1100
Ab micrologix controller 1400
1756-enbt series a
1756-enbt series a firmware
Eds hardware installation tool
Rslinx classic
Factorytalk diagnostics viewer
Rslogix
Factorytalk
Rslogix 5000
Ab micrologix controller
Plc-5 controller
Slc 500 controller
Controllogix controllers
Guardlogix controllers
Micrologix
Softlogix controllers
1756-enbt
1756-eweb
1768-enbt
1768-eweb
1794-aentr flex i/o ethernet/ip adapter
Compactlogix
Compactlogix controllers
Compactlogix l32e controller
Compactlogix l35e controller
Controllogix
Flexlogix 1788-enbt adapter
Guardlogix
Softlogix
Rslinx enterprise
Factorytalk services platform
Rslogix 5000 design and configuration software
Connected components workbench
Factorytalk view studio
Rsview32
Micrologix 1100 firmware
Micrologix 1400 firmware
1763-l16awa series a
1763-l16awa series b
1763-l16bbb series a
1763-l16bbb series b
1763-l16bwa series a
1763-l16bwa series b
1763-l16dwd series a
1763-l16dwd series b
Compactlogix controller 1769 firmware
Integrated architecture builder
Factorytalk energrymetrix
1766-l32awa
1766-l32awaa
1766-l32bwa
1766-l32bwaa
1766-l32bxb
1766-l32bxba
Rslogix 500 professional edition
Rslogix 500 standard edition
Rslogix 500 starter edition
Rslogix micro developer
Rslogix micro starter lite
1766-l32awa series b
1766-l32bxb series b
1766-l32awa series a
1766-l32bxb series a
1766-l32awaa series a
1766-l32bxba series b
1766-l32awaa series b
1766-l32bwaa series a
1766-l32bwa series b
1766-l32bwa series a
1766-l32bwaa series b
1766-l32bxba series a
Controllogix 5580 firmware
Compactlogix 5830 firmware
Panelview plus 6 700-1500 firmware
Softlogic
1763-l16dwd firmware
1763-l16bbb firmware
1763-l16bwa firmware
1763-l16awa firmware
Factorytalk alarms and events
1766-l32awa firmware
1766-l32awaa firmware
1766-l32bwa firmware
1766-l32bwaa firmware
1766-l32bxb firmware
1766-l32bxba firmware
Rslinx
Micrologix 1400 b firmware
Factorytalk activation
Arena
Allen-bradley l30erms firmware
1756-en2f series a firmware
1756-en2f series b firmware
1756-en2f series c firmware
1756-en2t series a firmware
1756-en2t series b firmware
1756-en2t series c firmware
1756-en2t series d firmware
See all Products for Vendor Rockwellautomation


Copyright 2024, cxsecurity.com

 

Back to Top