Rockwell Automation Connected Components Workbench, ISaGRAF Workbench, and Safety Instrumented System Workstation code execution | CVE-2022-1118
NAME
Rockwell Automation Connected Components Workbench, ISaGRAF Workbench, and Safety Instrumented System Workstation code execution
- Platforms Affected:
  - Rockwell Automation ISaGRAF Workbench 6.6.9
  - Rockwell Automation Connected Components Workbench 13.00.00
  - Rockwell Automation ISaGRAF Workbench 6.0
  - Rockwell Automation Safety Instrumented Systems Workstation 1.2
- Risk Level: 8.6
- Exploitability: Unproven
- Consequences: Gain Access
DESCRIPTION
Rockwell Automation Connected Components Workbench, ISaGRAF Workbench, and Safety Instrumented System Workstation could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By persuading a victim to open a specially-crafted serialized object, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Access Vector: Local
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of Connected Components Workbench (20.00 or later), available from the Rockwell Automation Web site. See References.
- Reference Link: https://www.cisa.gov/uscert/ics/advisories/icsa-22-095-01
- Reference Link: https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112&mode=3&refSoft=1&versions=59954