CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

642 matches found

ICS•added 2022/03/29 12:0 a.m.•60 views

Rockwell Automation ISaGRAF

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ISaGRAF Vulnerability: I mproper Restriction of XML External Entity Reference 2.UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-22-088-01 Rockwell...

5.5CVSS5.8AI score0.02072EPSS

Exploits0References5

Cvelist•added 2022/03/28 4:25 p.m.•26 views

CVE-2022-0221

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system...

5.5CVSS5.5AI score0.00941EPSS

Exploits0References1

CVE•added 2022/03/28 4:25 p.m.•63 views

CVE-2022-0221

CVE-2022-0221 describes an XML External Entity (XXE) vulnerability in Schneider Electric SCADAPack Workbench (versions up to 6.6.8a). The flaw arises when opening a malicious solution file, allowing information disclosure by passing data from local files to a remote attacker-controlled system. Ex...

5.5CVSS5.2AI score0.00941EPSS

Exploits0References1Affected Software1

OSV•added 2022/03/23 8:15 p.m.•2 views

CVE-2021-27471

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfull...

8.6CVSS5.8AI score

Exploits0References2

OSV•added 2022/03/23 8:15 p.m.•3 views

CVE-2021-27473

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive...

8.2CVSS5.8AI score0.00752EPSS

Exploits0References2

NVD•added 2022/03/23 8:15 p.m.•12 views

CVE-2021-27471

8.6CVSS0.02745EPSS

Exploits0References2

NVD•added 2022/03/23 8:15 p.m.•11 views

CVE-2021-27473

8.2CVSS0.00752EPSS

Exploits0References2

NVD•added 2022/03/23 8:15 p.m.•11 views

CVE-2021-27475

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code...

8.6CVSS0.0281EPSS

Exploits0References2

OSV•added 2022/03/23 8:15 p.m.•4 views

CVE-2021-27475

8.6CVSS6AI score

Exploits0References2

Prion•added 2022/03/23 8:15 p.m.•20 views

Remote code execution

6.8CVSS8.6AI score0.0281EPSS

Exploits0References2Affected Software1

Prion•added 2022/03/23 8:15 p.m.•14 views

Design/Logic Flaw

6.9CVSS8.2AI score0.00752EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/03/23 7:46 p.m.•15 views

CVE-2021-27475 Rockwell Automation Connected Components Workbench Deserialization of Untrusted Data

8.6CVSS8.8AI score0.0281EPSS

Exploits0References2

CVE•added 2022/03/23 7:46 p.m.•101 views

CVE-2021-27475

Rockwell Automation Connected Components Workbench (CCW) v12.00.00 and earlier is affected by CVE-2021-27475 due to deserialization of untrusted data. The vulnerability allows a crafted malicious serialized object to execute remote code when opened by a local CCW user, requiring user interaction....

8.6CVSS8.7AI score0.0281EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/03/23 7:46 p.m.•12 views

CVE-2021-27471 Rockwell Automation Connected Components Workbench Path Traversal

7.7CVSS8.6AI score0.02745EPSS

Exploits0References2

CVE•added 2022/03/23 7:46 p.m.•94 views

CVE-2021-27471

The CVE-2021-27471 vulnerability affects Rockwell Automation Connected Components Workbench (CCW) v12.00.00 and earlier, arising from a parsing mechanism that does not sanitize file-path inputs, enabling path traversal when opening crafted files. This could allow an attacker to overwrite existing...

8.6CVSS8AI score0.02745EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/03/23 7:46 p.m.•10 views

CVE-2021-27473 Rockwell Automation Connected Components Workbench Improper Input Validation

6.1CVSS8.4AI score0.00752EPSS

Exploits0References2

CVE•added 2022/03/23 7:46 p.m.•80 views

CVE-2021-27473

CVE-2021-27473 affects Rockwell Automation Connected Components Workbench (CCW) v12.00.00 and earlier. The root cause is improper sanitization of paths inside .ccwarc archives during extraction (Zip Slip), enabling a local, authenticated attacker to craft a malicious archive that, when opened, co...

8.2CVSS7.1AI score0.00752EPSS

Exploits0References2Affected Software1

OSV•added 2022/03/18 6:15 p.m.•3 views

CVE-2020-25178

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote...

8.8CVSS5.8AI score

Exploits0References4

Prion•added 2022/03/18 6:15 p.m.•24 views

Design/Logic Flaw

9.3CVSS9AI score0.01631EPSS

Exploits0References4Affected Software12

CVE•added 2022/03/18 6:0 p.m.•63 views

CVE-2020-25178

ISaGRAF CVE-2020-25178 affects Rockwell Automation ISaGRAF Runtime 4.x/5.x when interfaced with ISaGRAF Workbench over TCP/IP. The protocol transmits data unencrypted, enabling a remote unauthenticated attacker to upload, read, and delete files. Affected product details and mitigations are suppor...

9.3CVSS8.1AI score0.01631EPSS

Exploits0References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by