Lucene search

IcscertCVELIST:CVE-2021-27475

HistoryMar 23, 2022 - 7:46 p.m.

CVE-2021-27475 Rockwell Automation Connected Components Workbench Deserialization of Untrusted Data

2022-03-2319:46:38

CWE-502

icscert

www.cve.org

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.7%

JSON

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.

CNA Affected

[
  {
    "product": "Connected Components Workbench",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "lessThanOrEqual": "v12.00.00",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435

www.cisa.gov/uscert/ics/advisories/icsa-21-133-01

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.7%

JSON

Related for CVELIST:CVE-2021-27475