Rockwell Automation — Vulnerabilities & Security Advisories (259)

Browse all 259 CVE security advisories affecting Rockwell Automation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Rockwell Automation specializes in industrial automation and information integration, providing critical control systems for manufacturing and process industries. Its software portfolio, including FactoryTalk and PlantPAx, manages complex operational technology environments, making it a high-value target for threat actors seeking to disrupt industrial infrastructure. Historical vulnerability data reveals a prevalence of remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from legacy components or insufficient input validation in web-based interfaces. Notable incidents include the 2018 discovery of backdoors in FactoryTalk View SE, which allowed unauthorized access to industrial control systems. These vulnerabilities highlight the persistent risk of insecure default configurations and unpatched legacy systems within industrial networks. The sheer volume of recorded CVEs underscores the complexity of securing interconnected OT/IT environments, where updates must balance operational continuity with rigorous security hygiene to prevent catastrophic physical or data breaches.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-12130 | Rockwell Automation Arena® Out of Bounds Read Vulnerability | Arena® | CWE-125 | 8.4 | - | 2024-12-05 |
| CVE-2024-11158 | Rockwell Automation Arena® Uninitialized Vulnerability | Arena® | CWE-665 | 7.8 | - | 2024-12-05 |
| CVE-2024-11156 | Rockwell Automation Arena® Out of Bounds Write Vulnerability | Arena® | CWE-787 | 8.4 | - | 2024-12-05 |
| CVE-2024-11155 | Rockwell Automation Arena® Use After Free Vulnerability | Arena® | CWE-416 | 7.8 | - | 2024-12-05 |
| CVE-2024-6068 | Input Validation Vulnerability exists in Arena® Input Analyzer | Arena Input Analyzer | CWE-1284 | 7.3 | High | 2024-11-14 |
| CVE-2024-10945 | FactoryTalk® Updater Local Privilege Escalation | FactoryTalk Updater | CWE-754 | 7.3 | High | 2024-11-12 |
| CVE-2024-10944 | FactoryTalk® Updater Remote Code Execution | FactoryTalk Updater | CWE-20 | 8.4 | High | 2024-11-12 |
| CVE-2024-10943 | FactoryTalk® Updater Authentication Bypass | FactoryTalk Updater | CWE-922 | 9.1 | Critical | 2024-11-12 |
| CVE-2024-37365 | FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path | FactoryTalk View Machine Edition | CWE-20 | 7.3 | High | 2024-11-12 |
| CVE-2024-10387 | Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability | FactoryTalk ThinManager | CWE-125 | 7.5 | High | 2024-10-25 |
| CVE-2024-10386 | Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability | FactoryTalk ThinManager | CWE-306 | 9.8 | Critical | 2024-10-25 |
| CVE-2024-6207 | Security vulnerability in multiple Rockwell Automation products | ControlLogix® 5580 | CWE-20 | 7.5 | High | 2024-10-14 |
| CVE-2024-7847 | RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script | RSLogix 500® | CWE-345 | 7.7 | High | 2024-10-14 |
| CVE-2024-9412 | Improper Authorization Vulnerability in Rockwell Automation Verve® Asset Manager | Verve® Asset Manager | CWE-842 | 5.3 (AI) | Medium (AI) | 2024-10-08 |
| CVE-2024-8626 | Logix Controllers Vulnerable to Denial-of-Service Vulnerability | CompactLogix 5380 controllers | CWE-400 | 7.5 (AI) | High (AI) | 2024-10-08 |
| CVE-2024-9124 | Rockwell Automation PowerFlex 6000T CIP Security denial-of-service Vulnerability | Drives - PowerFlex 6000T | CWE-754 | 7.5 (AI) | High (AI) | 2024-10-08 |
| CVE-2024-6436 | Rockwell Automation Input Validation Vulnerability exists in the SequenceManager™ Server | SequenceManager™ | CWE-20 | 8.6 (AI) | High (AI) | 2024-09-27 |
| CVE-2024-7961 | Rockwell Automation Path Traversal Vulnerability in Pavilion8® | Pavilion8® | CWE-22 | 9.8 (AI) | Critical (AI) | 2024-09-12 |
| CVE-2024-7960 | Rockwell Automation Incorrect Privileges and Path Traversal Vulnerability in Pavilion8® | Pavilion8® | CWE-269 | 8.1 (AI) | High (AI) | 2024-09-12 |
| CVE-2024-8533 | Rockwell Automation OptixPanel™ Privilege Escalation Vulnerability via File Permissions | 2800C OptixPanel™ Compact | CWE-269 | 7.8 (AI) | High (AI) | 2024-09-12 |
| CVE-2024-6077 | Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Vulnerable to DoS vulnerability via CIP | CompactLogix 5380 | CWE-20 | 7.5 (AI) | High (AI) | 2024-09-12 |
| CVE-2024-45826 | ThinManager® Code Execution Vulnerability | ThinManager | CWE-610 | 6.8 | Medium | 2024-09-12 |
| CVE-2024-45825 | 5015-U8IHFT Denial-of-Service Vulnerability via CIP Message | 5015-U8IHFT | CWE-20 | 7.5 | High | 2024-09-12 |
| CVE-2024-45823 | FactoryTalk® Batch View™ Authentication Bypass Vulnerability via shared secrets | FactoryTalk® Batch View™ | CWE-287 | 8.1 | High | 2024-09-12 |
| CVE-2024-45824 | FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation | FactoryTalk View Site Edition | CWE-77 | 9.8 | Critical | 2024-09-12 |
| CVE-2024-7988 | ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities | ThinManager® ThinServer™ | CWE-20 | 9.8 (AI) | Critical (AI) | 2024-08-26 |
| CVE-2024-7987 | Rockwell Automation ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities | ThinManager® ThinServer™ | | 6.7 (AI) | Medium (AI) | 2024-08-26 |
| CVE-2024-7986 | Rockwell Automation ThinManager® ThinServer™ Information Disclosure | ThinManager® ThinServer™ | CWE-732 | 7.5 (AI) | High (AI) | 2024-08-23 |
| CVE-2024-40620 | Rockwell Automation Pavilion8® Unencrypted Data Vulnerability via HTTP protocol | Pavilion8® | CWE-311 | 7.5 (AI) | High (AI) | 2024-08-14 |
| CVE-2024-40619 | Rockwell Automation GuardLogix/ControlLogix 5580 Controller denial-of-service Vulnerability via Malformed Packet Handling | ControlLogix® 5580 | CWE-754 | 7.5 (AI) | High (AI) | 2024-08-14 |

This page lists every published CVE security advisory associated with Rockwell Automation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.