Lucene search

IcscertCVELIST:CVE-2021-27471

HistoryMar 23, 2022 - 7:46 p.m.

CVE-2021-27471 Rockwell Automation Connected Components Workbench Path Traversal

2022-03-2319:46:37

CWE-22

icscert

www.cve.org

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.6%

JSON

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful.

CNA Affected

[
  {
    "product": "Connected Components Workbench",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "lessThanOrEqual": "v12.00.00",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435

www.cisa.gov/uscert/ics/advisories/icsa-21-133-01

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.6%

JSON

Related for CVELIST:CVE-2021-27471