CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
20.2%
A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CCWDEVESE, and 9328-CCWDEVPTE; and Connected Components Workbench - Free Standard Edition (All Supported Languages), v9.01.00 and earlier. Certain DLLs included with versions of CCW software can be potentially hijacked to allow an attacker to gain rights to a victim’s affected personal computer. Such access rights can be at the same or potentially higher level of privileges as the compromised user account, including and up to computer administrator privileges.
Vendor | Product | Version | CPE |
---|---|---|---|
rockwellautomation | connected_components_workbench | * | cpe:2.3:o:rockwellautomation:connected_components_workbench:*:*:*:*:developer:*:*:* |
rockwellautomation | 9328-ccwdevdee | - | cpe:2.3:h:rockwellautomation:9328-ccwdevdee:-:*:*:*:*:*:*:* |
rockwellautomation | 9328-ccwdevene | - | cpe:2.3:h:rockwellautomation:9328-ccwdevene:-:*:*:*:*:*:*:* |
rockwellautomation | 9328-ccwdevese | - | cpe:2.3:h:rockwellautomation:9328-ccwdevese:-:*:*:*:*:*:*:* |
rockwellautomation | 9328-ccwdevfre | - | cpe:2.3:h:rockwellautomation:9328-ccwdevfre:-:*:*:*:*:*:*:* |
rockwellautomation | 9328-ccwdevite | - | cpe:2.3:h:rockwellautomation:9328-ccwdevite:-:*:*:*:*:*:*:* |
rockwellautomation | 9328-ccwdevpte | - | cpe:2.3:h:rockwellautomation:9328-ccwdevpte:-:*:*:*:*:*:*:* |
rockwellautomation | 9328-ccwdevzhe | - | cpe:2.3:h:rockwellautomation:9328-ccwdevzhe:-:*:*:*:*:*:*:* |
rockwellautomation | connected_components_workbench | * | cpe:2.3:o:rockwellautomation:connected_components_workbench:*:*:*:*:free_standard:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
20.2%