Description
The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions as the Connected Components Workbench software. User interaction is required for this exploit to be successful.
References
- Permissions Required, Vendor Advisory
- Third Party Advisory, US Government Resource
- Permissions Required, Vendor Advisory
- Third Party Advisory, US Government Resource
Vulnerable configurations
EPSS
CVSS3: 7.7 High
CVSS3: 8.6 High
CVSS2: 6.8 Medium
Weaknesses
Related vulnerabilities
A vulnerability in the Connected Components Workbench (CCW) controller design and configuration software, related to improper limitation of a pathname to a restricted directory, that allows an attacker to escalate their privileges