Rockwell Automation — Vulnerabilities & Security Advisories 259

Browse all 259 CVE security advisories affecting Rockwell Automation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Rockwell Automation specializes in industrial automation and information integration, providing critical control systems for manufacturing and process industries. Its software portfolio, including FactoryTalk and PlantPAx, manages complex operational technology environments, making it a high-value target for threat actors seeking to disrupt industrial infrastructure. Historical vulnerability data reveals a prevalence of remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from legacy components or insufficient input validation in web-based interfaces. Notable incidents include the 2018 discovery of backdoors in FactoryTalk View SE, which allowed unauthorized access to industrial control systems. These vulnerabilities highlight the persistent risk of insecure default configurations and unpatched legacy systems within industrial networks. The sheer volume of recorded CVEs underscores the complexity of securing interconnected OT/IT environments, where updates must balance operational continuity with rigorous security hygiene to prevent catastrophic physical or data breaches.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-29026 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack — ArmorStart ST | CWE-20 | 4.7 | Medium | 2023-05-11 |
| CVE-2023-29025 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack — ArmorStart ST | CWE-79 | 4.7 | Medium | 2023-05-11 |
| CVE-2023-29024 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack — ArmorStart ST | CWE-79 | 5.5 | Medium | 2023-05-11 |
| CVE-2023-29023 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack — ArmorStart ST | CWE-79 | 7.0 | High | 2023-05-11 |
| CVE-2023-29030 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack — ArmorStart ST | CWE-79 | 7.0 | High | 2023-05-11 |
| CVE-2023-29031 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack — ArmorStart ST | CWE-79 | 7.0 | High | 2023-05-11 |
| CVE-2023-29462 | Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability — Arena Simulation | CWE-787 | 7.8 | High | 2023-05-09 |
| CVE-2023-29461 | Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability — Arena Simulation | CWE-125 | 7.8 | High | 2023-05-09 |
| CVE-2023-29460 | Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability — Arena Simulation | CWE-125 | 7.8 | High | 2023-05-09 |
| CVE-2023-27857 | Rockwell Automation ThinManager ThinServer Heap-Based Buffer Overflow — ThinManager ThinServer | CWE-125 | 7.5 | High | 2023-03-22 |
| CVE-2023-27856 | Rockwell Automation ThinManager ThinServer Path Traversal Download — ThinManager ThinServer | CWE-22 | 7.5 | High | 2023-03-21 |
| CVE-2023-27855 | Rockwell Automation ThinManager ThinServer Path Traversal Upload — ThinManager ThinServer | CWE-22 | 9.8 | Critical | 2023-03-21 |
| CVE-2023-0027 | Rockwell Automation Modbus TCP AOI Server Could Leak Sensitive Information — Modbus TCP Server Add On Instructions | CWE-200 | 5.3 | Medium | 2023-03-17 |
| CVE-2022-3156 | Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability — Studio 5000 Logix Emulate | CWE-287 | 7.8 | High | 2022-12-27 |
| CVE-2022-3752 | Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack — CompactLogix 5480 | CWE-20 | 8.6 | High | 2022-12-19 |
| CVE-2022-3157 | Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack — CompactLogix 5370 | CWE-20 | 8.6 | High | 2022-12-16 |
| CVE-2022-46670 | Rockwell Automation MicroLogix 1100 & 1400 Vulnerable to Cross-Site Scripting Attack — MicroLogix 1100 & 1400 Controllers | CWE-79 | 7.1 | High | 2022-12-16 |
| CVE-2022-3166 | MicroLogix 1100 & 1400 Product Web Server Application Vulnerable to Denial-Of-Service Condition Attack — MicroLogix 1100 | CWE-924 | 7.5 | High | 2022-12-16 |
| CVE-2022-38744 | FactoryTalk Alarm and Events Server Vulnerable to Denial-Of-Service Attack — FactoryTalk Alarm and Events Server | CWE-287 | 7.5 | High | 2022-10-27 |
| CVE-2022-38742 | Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack — ThinManager ThinServer | CWE-122 | 8.1 | High | 2022-09-23 |
| CVE-2022-2465 | ISaGRAF Workbench Deserialization of Untrusted Data CWE-502 — ISaGRAF Workbench | CWE-502 | 8.6 | High | 2022-08-25 |
| CVE-2022-2464 | ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22 — ISaGRAF Workbench | CWE-22 | 7.7 | High | 2022-08-25 |
| CVE-2022-2463 | ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22 — ISaGRAF Workbench | CWE-22 | 6.1 | Medium | 2022-08-25 |
| CVE-2020-6998 | Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation — Armor Compact GuardLogix 5370 controllers | | 5.8 | Medium | 2022-07-27 |
| CVE-2022-2179 | ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames — MicroLogix 1400 | CWE-1021 | 6.5 | Medium | 2022-07-20 |
| CVE-2022-1797 | Rockwell Automation Logix Controllers Uncontrolled Resource Consumption — CompactLogix 5380 controllers | CWE-400 | 6.8 | Medium | 2022-05-31 |
| CVE-2022-1118 | Rockwell Automation ISaGRAF Deserialization of Untrusted Data — Connected Component Workbench | CWE-502 | 8.6 | High | 2022-05-17 |
| CVE-2022-1161 | ICSA-22-090-05 Rockwell Automation Logix Controllers — 1768 CompactLogix controllers | CWE-829 | 10.0 | Critical | 2022-04-11 |
| CVE-2022-1159 | Rockwell Automation Studio 5000 Logix Designer Code Injection — Studio 5000 Logix Designer | CWE-94 | 7.7 | High | 2022-04-01 |
| CVE-2022-1018 | ICSA-22-088-01 Rockwell Automation ISaGRAF — Connected Component Workbench | CWE-611 | 5.5 | Medium | 2022-04-01 |

This page lists every published CVE security advisory associated with Rockwell Automation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.