Latest CVE Feed
-
10.0
CRITICALCVE-2021-27476
A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk Asse... Read more
Affected Products : factorytalk_assetcentre- EPSS Score: %0.03
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-27475
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components ... Read more
Affected Products : connected_components_workbench- EPSS Score: %0.20
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-27474
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre.... Read more
Affected Products : factorytalk_assetcentre- EPSS Score: %0.09
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
8.2
HIGHCVE-2021-27473
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attac... Read more
Affected Products : connected_components_workbench- EPSS Score: %0.00
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-27472
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements.... Read more
Affected Products : factorytalk_assetcentre- EPSS Score: %0.09
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-27471
The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, ca... Read more
Affected Products : connected_components_workbench- EPSS Score: %0.05
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-27470
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary comma... Read more
Affected Products : factorytalk_assetcentre- EPSS Score: %0.38
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-27468
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.... Read more
Affected Products : factorytalk_assetcentre- EPSS Score: %0.06
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-27467
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to se... Read more
- EPSS Score: %0.17
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-27466
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary c... Read more
Affected Products : factorytalk_assetcentre- EPSS Score: %0.10
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-27465
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attac... Read more
- EPSS Score: %0.17
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-27464
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.... Read more
Affected Products : factorytalk_assetcentre- EPSS Score: %0.03
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-27463
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the coo... Read more
- EPSS Score: %0.16
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-27462
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary comma... Read more
Affected Products : factorytalk_assetcentre- EPSS Score: %0.11
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-27461
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs.... Read more
- EPSS Score: %0.33
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-27460
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthen... Read more
Affected Products : factorytalk_assetcentre- EPSS Score: %0.29
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27459
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code.... Read more
- EPSS Score: %0.70
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-27458
If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All vers... Read more
Affected Products : pc10g-cpu_tcc-6353_firmware pc10ge_tcc-6464_firmware pc10p_tcc-6372_firmware pc10p-dp_tcc-6726_firmware pc10p-dp-io_tcc-6752_firmware pc10b-p_tcc-6373_firmware pc10b_tcc-1021_firmware pc10b-e\/c_tcu-6521_firmware pc10e_tcc-4737_firmware plus_cpu_tcc-6740_firmware +26 more products- EPSS Score: %0.26
- Published: Apr. 19, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-27457
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used fo... Read more
- EPSS Score: %0.06
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
2.4
LOWCVE-2021-27456
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.... Read more
- EPSS Score: %0.08
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024