exploitDog

GHSA-cq53-3mvc-ghx7

Published: May 18, 2022
Source: github
Github: Not reviewed
CVSS3: 7.8

Description

Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 through v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited.

EPSS

Percentile: 98%
0.51482
Medium

7.8 High

CVSS3

Weaknesses

CWE-502

Related vulnerabilities

CVSS3: 8.6
nvd
more than 3 years ago

Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 through v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited.

CVSS3: 8.6
fstec
more than 4 years ago

A vulnerability in Rockwell Automation's Connected Components Workbench (CCW) controller design and configuration software, the Safety Instrumented Systems Workstation (SISW) for automated safety systems, and the ISaGRAF Workbench application development environment for programmable logic controllers, related to deserialization of untrusted data, which allows an attacker to execute arbitrary code
