CVE-2022-2463

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03 Mitigation Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:rockwellautomation:isagraf_workbench:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-25 18:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-2463

Mitre link : CVE-2022-2463

CVE.ORG link : CVE-2022-2463


JSON object : View

Products Affected

rockwellautomation

  • isagraf_workbench
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')