Rockwellautomation Factorytalk Services Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Rockwellautomation Factorytalk Services Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2020-14516 — CVSS 10.0 (critical): In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256…
CVE-2024-21917 — CVSS 9.8 (critical): A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and…
CVE-2020-6967 — CVSS 9.8 (critical): In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk…
CVE-2024-21915 — CVSS 9.0 (critical): A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user…
CVE-2020-12033 — CVSS 8.8 (high): In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied…
CVE-2021-32960 — CVSS 8.5 (high): Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a…
CVE-2023-46290 — CVSS 8.1 (high): Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the…
CVE-2012-4713 — CVSS 7.8 (high): Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2…
CVE-2012-4714 — CVSS 7.8 (high): Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3…
CVE-2018-18981 — CVSS 7.5 (high): In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted…
CVE-2020-14478 — CVSS 7.1 (high): A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or…
CVE-2014-9209 — CVSS 6.9 (medium): Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00…