Archive
All findings from 2025 onward
Showing
147
findings
Source
Severity
2026
March 2026 (6 findings)▼
Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks SecurityWeek
CISA Flags Hikvision Camera & Rockwell Logix Vulnerabilities as Actively Exploited SOCRadar® Cyber Intelligence Inc.
3 Apple flaws from Coruna exploit kit added to CISA vulnerability list SC Media
Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog The Hacker News
CVE-2021-22681
Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this vulnerability could allow an unauthorized application to connect with Logix controllers. To leverage this
January 2026 (11 findings)▼
CVE-2025-14027
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.
CVE-2025-9464 CVE-2025-9465 CVE-2025-9466 CVE-2025-9278 CVE-2025-9279 CVE-2025-9280 CVE-2025-9281 CVE-2025-9282 CVE-2025-9283
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition.
CVE-2025-11743
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.
CVE-2025-14376 CVE-2025-14377
Successful exploitation of these vulnerabilities may allow an attacker to access sensitive information stored in variables within the ADI server.
CVE-2025-9464 CVE-2025-9465 CVE-2025-9466 CVE-2025-9278 CVE-2025-9279 CVE-2025-9280 CVE-2025-9281 CVE-2025-9282 CVE-2025-9283
CVE-2025-14376 CVE-2025-14377
CVE-2025-11743
High
RA Advisories
CVE-2025-14027
CISA issues multiple ICS advisories, details DoS vulnerability risk in Rockwell devices used in critical manufacturing Industrial Cyber
CVE-2025-12807
Successful exploitation of this vulnerability could allow an attacker to perform unauthorized sensitive database operations.
CVE-2025-9368
Successful exploitation of this vulnerability could result in a denial-of-service condition.
2025
December 2025 (7 findings)▼
CISA flags ICS vulnerabilities in products from Siemens, Schneider Electric, Rockwell, and others Industrial Cyber
CVE-2025-13823 CVE-2025-13824
Successful exploitation of these vulnerabilities could result in a denial-of-service condition.
CVE-2025-13823 CVE-2025-13824
CVE-2025-12807
CVE-2025-9368
News
CISA Warns of OpenPLC ScadaBR File Upload Vulnerability Exploited in Attacks CyberSecurityNews
News
CISA Industrial Control Systems (ICS) Advisories Recap for 2025 SOCRadar® Cyber Intelligence Inc.
November 2025 (13 findings)▼
Weekly IT & ICS Vulnerabilities Report — Top Risks of 2025 Cyble
CVE-2025-11918
Successful exploitation of this vulnerability could allow local attackers to execute arbitrary code on affected installations of Arena.
CVE-2025-11918
CVE-2024-48510
Successful exploitation of this vulnerability may allow remote code execution.
CVE-2024-22019
Successful exploitation of this vulnerability could lead to resource exhaustion and denial of service.
CVE-2025-11084 CVE-2025-11085
Successful exploitation of these vulnerabilities could allow an attacker to take over accounts, steal credentials, redirect users to a malicious website, or bypass MFA.
CVE-2025-11696 CVE-2025-11697
Successful exploitation of these vulnerabilities could allow attackers to trigger outbound SMB requests to capture NTLM hashes and execute scripts with Administrator privileges upon system reboot.
CVE-2025-11862
Successful exploitation of this vulnerability could result in an attacker accessing or altering user data.
CVE-2025-11696 CVE-2025-11697
CVE-2025-11862
CVE-2025-11084 CVE-2025-11085
CVE-2024-48510
CVE-2024-22019
October 2025 (17 findings)▼
CVE-2025-9124
Successful exploitation of this vulnerability could result in a denial-of-service.
CVE-2025-7328 CVE-2025-7329 CVE-2025-7330
Successful exploitation of these vulnerabilities could result in a denial-of-service, data modification, or in an attacker obtaining sensitive information.
CVE-2025-9437
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the affected product.
CVE-2025-9066
Successful exploitation of this vulnerability could allow unauthenticated attackers to achieve XML external entity injection, resulting in a temporary denial-of-service condition.
CVE-2025-9067 CVE-2025-9068
Successful exploitation of these vulnerabilities may allow full access to all files, processes, and system resources.
CVE-2025-9064 CVE-2025-9063
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to access to the device's file system.
CVE-2025-9177 CVE-2025-9178
Successful exploitation of these vulnerabilities could allow an attacker to cause the web server to crash, requiring a restart to recover.
CVE-2025-9067 CVE-2025-9068
CVE-2025-7328 CVE-2025-7329 CVE-2025-7330
CVE-2025-9064 CVE-2025-9063
CVE-2025-9124
CVE-2025-9066
CVE-2025-9437
CVE-2025-9177 CVE-2025-9178
CVE-2025-20352
Successful exploitation of this vulnerability could result in arbitrary code execution.
CVE-2025-20352
Successful exploitation of this vulnerability could result in arbitrary code execution.
CVE-2025-20352
September 2025 (18 findings)▼
CVE-2025-20352
CISA flags critical ICS vulnerabilities across Rockwell and ABB Systems, exposing OT networks to potential exploits Industrial Cyber
CVE-2020-28895
Successful exploitation of this vulnerability could allow an attacker to cause a memory corruption on the product.
CVE-2025-9364
Successful exploitation of this vulnerability could allow an attacker to access sensitive information.
CVE-2025-9166
Successful exploitation of this vulnerability could result in a major nonrecoverable fault on the controller.
CVE-2025-9160
Successful exploitation of this vulnerability could result in arbitrary code execution.
CVE-2025-7970
Successful exploitation of this vulnerability could result in in data exposure, session hijacking, or full communication compromise.
CVE-2025-9161
Successful exploitation of this vulnerability could result in an attacker achieving remote code execution.
CVE-2025-7350
Successful exploitation of this vulnerability could allow an attacker to run malicious configurations without authentication.
CVE-2025-9065
Successful exploitation of this vulnerability could expose the ThinServer service account NTLM hash.
CVE-2025-9364
CVE-2025-9166
CVE-2025-9160
CVE-2025-7350
CVE-2020-28895
CVE-2025-9065
CVE-2025-7970
CVE-2025-9161
August 2025 (30 findings)▼
Top IT Vulnerabilities: 908 Tracked, 188 Have Public PoCs Cyble
News
Rockwell ControlLogix Ethernet Vulnerability Let Attackers Execute Remote Code CyberSecurityNews
News
Rockwell ControlLogix Ethernet Vulnerability Let Attackers Execute Remote Code CyberSecurityNews
Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products SecurityWeek
CVE-2025-8007 CVE-2025-8008
Successful exploitation of these vulnerabilities could result in an attacker causing a denial of service condition.
CVE-2025-9036
Successful exploitation of this vulnerability could allow a local unauthenticated attacker to listen to communications and manipulate the device.
CVE-2025-7971
Successful exploitation of this vulnerability could allow an attacker to crash the device or execute malicious code.
CVE-2025-7353
Successful exploitation of this vulnerability could allow remote attackers to perform memory dumps, modify memory, and control execution flow.
CVE-2025-7773 CVE-2025-7774
Successful exploitation of these vulnerabilities could allow an attacker to predict session numbers or perform privileged actions.
CVE-2025-9041 CVE-2025-9042
Successful exploitation of these vulnerabilities could create a denial-of-service condition.
CVE-2023-48691 CVE-2023-48692 CVE-2023-48693 CVE-2025-7693
Successful exploitation of these vulnerabilities could result in remote code execution or may lead to privilege escalation.
CVE-2025-7972
Successful exploitation of this vulnerability could allow an attacker to to create, update, and delete FTLinx drivers.
CVE-2025-7973
Successful exploitation of this vulnerability could result in full privilege escalation.
CVE-2025-7972
CVE-2025-9041 CVE-2025-9042
CVE-2025-7971
CVE-2025-7353
CVE-2025-7973
CVE-2025-7532
CVE-2025-8007 CVE-2025-8008
ICS systems face elevated cyber risk as CISA issues advisories covering multiple vendor vulnerabilities Industrial Cyber
CISA Issues 10 ICS Advisories Detailing Vulnerabilities and Exploits cyberpress.org
CVE-2025-7025 CVE-2025-7032 CVE-2025-7033
Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code.
Rockwell Arena Simulation Flaws Allow Remote Execution of Malicious Code gbhackers.com
News
Rockwell Arena Simulation Vulnerabilities Allow Remote Code Execution by Attackers cyberpress.org
Rockwell Arena Simulation Vulnerabilities Let Attackers Execute Malicious Code Remotely CyberSecurityNews
Rockwell Arena Simulation Vulnerabilities Let Attackers Execute Malicious Code Remotely CyberSecurityNews
CVE-2025-7025 CVE-2025-7032 CVE-2025-7033
July 2025 (5 findings)▼
CVE-2025-41236 CVE-2025-41237 CVE-2025-41238 CVE-2025-41239
Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets.
Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide The Hacker News
VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched SecurityWeek
Critical
RA Advisories
CVE-2025-41236 CVE-2025-41237 CVE-2025-41238 CVE-2025-41239
High
RA Advisories
CVE-2025-6377 CVE-2025-6376
May 2025 (2 findings)▼
CVE-2018-1285
Successful exploitation of this vulnerability could allow an attacker to launch XXE-based attacks on applications that accept malicious log4net configuration files.
Critical
RA Advisories
CVE-2018-1285
April 2025 (12 findings)▼
CVE-2025-3618 CVE-2025-3617
Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and cause a denial-of-service condition.
High
RA Advisories
CVE-2025-3617 CVE-2025-3618
CVE-2025-2285 CVE-2025-2286 CVE-2025-2287 CVE-2025-2288 CVE-2025-2293 CVE-2025-2829 CVE-2025-3285 CVE-2025-3286 CVE-2025-3287 CVE-2025-3288 CVE-2025-3289
Successful exploitation of these vulnerabilities could disclose information to an attacker or allow execution of arbitrary code on the system.
CVE-2025-29824
CVE-2025-29824 Vulnerability: Exploitation of a Windows CLFS Zero-Day Could Trigger Ransomware Attacks SOC Prime
Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability The Hacker News
CVE-2025-2285 CVE-2025-2286 CVE-2025-2287 CVE-2025-2288 CVE-2025-2293 CVE-2025-2829 CVE-2025-3285 CVE-2025-3286 CVE-2025-3287 CVE-2025-3288 CVE-2025-3289
CVE-2025-1449
CVE-2025-1449: Rockwell Automation Verve Asset Manager Vulnerability Enables Adversaries to Gain Access to Run Arbitrary Commands SOC Prime
CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS - CyberSecurityNews
News
CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS CyberSecurityNews
CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS - CyberSecurityNews
News
CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS CyberSecurityNews
Rockwell Automation Flaw Exposes Systems to Remote Command Execution cyberpress.org
News
Rockwell Automation Vulnerability Allows Attackers to Execute Arbitrary Commands gbhackers.com
CVE-2025-23120
Successful exploitation of this vulnerability could allow an attacker with administrative privileges to execute code on the target system.
March 2025 (7 findings)▼
CVE-2020-27212
Successful exploitation of this vulnerability could allow an attacker to take over the device.
CVE-2025-1449
Successful exploitation of this vulnerability could allow an attacker with administrative access to run arbitrary commands in the context of the container running the service.
CVE-2020-27212
Critical
RA Advisories
CVE-2025-23120
CVE-2025-1449
CVE-2025-22224 CVE-2025-22225 CVE-2025-22226
Successful exploitation of these vulnerabilities could allow an attacker with local administrative privileges to execute code.
Critical
RA Advisories
CVE-2025-22224 CVE-2025-22225 CVE-2025-22226
February 2025 (4 findings)▼
CVE-2025-0631
Successful exploitation of this vulnerability could result in exposure of sensitive data.
Latest CISA ICS Alerts: Exploits & Vulnerability News Cyble
CISA Issues Nine Critical Industrial Control Systems Advisories Cyble
CVE-2025-24478
Successful exploitation of this vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service condition.
January 2025 (15 findings)▼
CVE-2025-0477 CVE-2025-0497 CVE-2025-0498
Successful exploitation of these vulnerabilities could allow an attacker to extract passwords, access, credentials, or impersonate other users.
CVE-2023-3825
Successful exploitation of this vulnerability could cause the device to crash.
Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products SecurityWeek
CISA flags hardware vulnerabilities in ICS and medical devices; affects B&R, Schneider Electric, Rockwell, BD Systems Industrial Cyber
CVE-2025-0477 CVE-2025-0497 CVE-2025-0498
CVE-2025-0659 CVE-2020-11656
Successful exploitation of these vulnerabilities could overwrite reports, including user projects.
CVE-2025-24481 CVE-2025-24482
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to system configuration files and execute DLLs with elevated privileges.
CVE-2025-24479 CVE-2025-24480
Successful exploitation of these vulnerabilities could allow an attacker to execute code on the device with elevated privileges.
Critical
RA Advisories
CVE-2025-0659 CVE-2020-11656
CVE-2025-24478
CVE-2025-24479 CVE-2025-24480
CVE-2025-24481 CVE-2025-24482
High
RA Advisories
CVE-2023-3825
CVE-2025-0631
CISA reports security vulnerabilities in ICS equipment from Schneider Electric, Delta Electronics, Rockwell Automation Industrial Cyber