CVE-2021-27475

Published: Mar 23, 2022Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 6.0

Source: NVD

Description

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.

Affected (1)

Products: Rockwellautomation: Connected Components Workbench

Rockwellautomation

1 product

Connected Components Workbench

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rockwellautomation Connected Components Workbench	Up to 12.00.00

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435

Source: ics-cert@hq.dhs.gov

Permissions RequiredVendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.