Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03 | Mitigation Patch Third Party Advisory US Government Resource |
Configurations
History
No history.
Information
Published : 2022-08-25 18:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-2463
Mitre link : CVE-2022-2463
CVE.ORG link : CVE-2022-2463
JSON object : View
Products Affected
rockwellautomation
- isagraf_workbench
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')