Lucene search
K

128 matches found

OSV
OSV
added 2022/03/23 8:15 p.m.4 views

CVE-2021-27471

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfull...

8.6CVSS5.8AI score0.02745EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.20 views

CVE-2021-27473

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive...

8.2CVSS0.00752EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.4 views

CVE-2021-27473

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive...

8.2CVSS5.8AI score0.00752EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.20 views

CVE-2021-27475

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code...

8.6CVSS0.0281EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.6 views

CVE-2021-27475

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code...

8.6CVSS6AI score0.0281EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.28 views

CVE-2021-27471

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfull...

8.6CVSS0.02745EPSS
Exploits0References2
Prion
Prion
added 2022/03/23 8:15 p.m.15 views

Design/Logic Flaw

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive...

6.9CVSS8.2AI score0.00752EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/03/23 8:15 p.m.21 views

Remote code execution

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code...

6.8CVSS8.6AI score0.0281EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/23 7:46 p.m.24 views

CVE-2021-27475 Rockwell Automation Connected Components Workbench Deserialization of Untrusted Data

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code...

8.6CVSS8.8AI score0.0281EPSS
Exploits0References2
CVE
CVE
added 2022/03/23 7:46 p.m.106 views

CVE-2021-27475

Rockwell Automation Connected Components Workbench (CCW) v12.00.00 and earlier is affected by CVE-2021-27475 due to deserialization of untrusted data. The vulnerability allows a crafted malicious serialized object to execute remote code when opened by a local CCW user, requiring user interaction....

8.6CVSS8.7AI score0.0281EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/03/23 7:46 p.m.100 views

CVE-2021-27471

The CVE-2021-27471 vulnerability affects Rockwell Automation Connected Components Workbench (CCW) v12.00.00 and earlier, arising from a parsing mechanism that does not sanitize file-path inputs, enabling path traversal when opening crafted files. This could allow an attacker to overwrite existing...

8.6CVSS8AI score0.02745EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/23 7:46 p.m.20 views

CVE-2021-27471 Rockwell Automation Connected Components Workbench Path Traversal

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfull...

7.7CVSS8.6AI score0.02745EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/03/23 7:46 p.m.18 views

CVE-2021-27473 Rockwell Automation Connected Components Workbench Improper Input Validation

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive...

6.1CVSS8.4AI score0.00752EPSS
Exploits0References2
CVE
CVE
added 2022/03/23 7:46 p.m.85 views

CVE-2021-27473

CVE-2021-27473 affects Rockwell Automation Connected Components Workbench (CCW) v12.00.00 and earlier. The root cause is improper sanitization of paths inside .ccwarc archives during extraction (Zip Slip), enabling a local, authenticated attacker to craft a malicious archive that, when opened, co...

8.2CVSS7.1AI score0.00752EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.22 views

Rockwell (CVE-2017-5176) (deprecated)

This plugin has been deprecated as Rockwell Automation Connected Components Workbench is not supported. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled...

6.8AI score0.0052EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/08/10 12:0 a.m.21 views

Rockwellautomation Rslinx Improper Input Validation

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...

5.5CVSS3.6AI score0.02805EPSS
Exploits0References2
CNVD
CNVD
added 2021/05/14 12:0 a.m.5 views

Rockwell Automation Connected Components Workbench Path Traversal Vulnerability

Rockwell Automation CCW is an HMI editor and component-level industrial product for designing and configuring applications and performing microcontroller turns. A path traversal vulnerability exists in Rockwell Automation Connected Components Workbench, which can be exploited by an attacker to...

8.6CVSS6.8AI score0.02745EPSS
Exploits0References1
ICS
ICS
added 2021/05/13 12:0 a.m.189 views

Rockwell Automation Connected Components Workbench

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Connected Components Workbench Vulnerabilities: Deserialization of Untrusted Data, Path Traversal, Improper Input Validation 2. RISK EVALUATION Successful exploitation of...

8.6CVSS8.5AI score0.0281EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/05/13 12:0 a.m.8 views

Rockwell Automation Connected Components Workbench 代码问题漏洞

Rockwell Automation CCW is an HMI editor and component-level industrial product for designing and configuring applications and performing microcontroller turns. A deserialization vulnerability exists in Rockwell Automation Connected Components Workbench, which can be exploited by an attacker to...

8.6CVSS6.4AI score0.0281EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/05/13 12:0 a.m.5 views

Rockwell Automation Connected Components Workbench 路径遍历漏洞

Rockwell Automation CCW is an HMI editor and component-level industrial product for designing and configuring applications and performing microcontroller turns. An input validation error vulnerability exists in Rockwell Automation Connected Components Workbench, which can be exploited by an...

8.2CVSS5.6AI score0.00752EPSS
Exploits0References6
Rows per page
Query Builder