58 matches found
CVE-2021-27473
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive...
EUVD-2021-14225
Malware in sbrugna...
EUVD-2021-14229
Malware in sbrugna...
EUVD-2014-5312
Malware in sbrugna...
CVE-2022-1118
Connected Components Workbench v13.00.00 and prior, ISaGRAF Workbench v6.0 through v6.6.9, and Safety Instrumented System Workstation v1.2 and prior for Trusted Controllers do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if open...
Rockwell Automation Connected Components Workbench
1. EXECUTIVE SUMMARY: CVSS v3 9.6. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation. Vendor: Rockwell Automation. Equipment: Connected Components Workbench. Vulnerabilities: Use After Free, Out-of-bounds Write. 2. RISK...
VulnCheck KEV: CVE-2022-1118
Connected Components Workbench v13.00.00 and prior, ISaGRAF Workbench v6.0 through v6.6.9, and Safety Instrumented System Workstation v1.2 and prior for Trusted Controllers do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that,...
A vulnerability in the Connected Components Workbench controller design and configuration software arises from improper limitation of a pathname to a restricted directory. This allows attackers to escalate their privileges.
A vulnerability in the Connected Components Workbench controller design and configuration software is related to improper limitation of a pathname to a restricted directory during file parsing. Exploiting this vulnerability can allow attackers to escalate their privileges...
Vulnerabilities in the Connected Components Workbench controller design and configuration software, the Safety Instrumented Systems Workstation (SISW), and the ISaGRAF Workbench development environment for programmable logic controllers allow attackers to compromise the confidentiality of protected information.
The vulnerability of the DLL library used in software for designing and configuring Connected Components Workbench controllers, the Safety Instrumented Systems Workstation, and the application development environment for programmable logic controllers ISaGRAF Workbench is related to incorrect...
CVE-2022-1118
Connected Components Workbench v13.00.00 and prior, ISaGRAF Workbench v6.0 through v6.6.9, and Safety Instrumented System Workstation v1.2 and prior for Trusted Controllers do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if open...
Remote code execution
Connected Components Workbench v13.00.00 and prior, ISaGRAF Workbench v6.0 through v6.6.9, and Safety Instrumented System Workstation v1.2 and prior for Trusted Controllers do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if open...
CVE-2022-1118 Rockwell Automation ISaGRAF Deserialization of Untrusted Data
Connected Components Workbench v13.00.00 and prior, ISaGRAF Workbench v6.0 through v6.6.9, and Safety Instrumented System Workstation v1.2 and prior for Trusted Controllers do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if open...
CVE-2022-1118
CVE-2022-1118 affects Rockwell Automation components: Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0–v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior for Trusted Controllers). The issue is deserialization of untrusted data, allowing a crafted seri...
Vulnerabilities in Rockwell Automation's CCW controller design and configuration software, the SISW workstation for safety instrumented systems, and the ISaGRAF Workbench development environment for programmable logic controllers allow attackers to execute arbitrary code through deserialization of untrusted data.
The vulnerabilities of the software for designing and configuring controllers in the Connected Components Workbench, the workstations for automated safety systems called Safety Instrumented Systems Workstations, and the application development environment for programmable logic controllers in the...
A vulnerability in Rockwell Automation's Connected Components Workbench (CCW) controller design and configuration software, related to deserialization of untrusted data, allows an attacker to execute arbitrary code.
A vulnerability in Rockwell Automation's Connected Components Workbench (CCW) controller design and configuration software stems from deserialization of untrusted data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2021-27473
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive...
CVE-2021-27471
The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfull...
CVE-2021-27475
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code...
CVE-2021-27473
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive...
CVE-2021-27471
The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfull...