GHSA-q489-3x56-hq57

Published: 24 Mar 2022
Source: github
Github: Not reviewed
CVSS3: 8.6

Description

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.

EPSS

Percentile: 42%
0.00205
Low

8.6 High

CVSS3

Weaknesses

CWE-502

Related vulnerabilities

CVSS3: 8.6
nvd
almost 4 years ago

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.

CVSS3: 8.6
fstec
almost 5 years ago

Vulnerability in Rockwell Automation's Connected Components Workbench (CCW) controller design and configuration software, related to the deserialization of untrusted data, which allows an attacker to execute arbitrary code
