10 results (0.006 seconds)

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited. Rockwell Automation ISaGRAF Workbench software versiones 6.0 hasta 6.6.9, están afectadas por una vulnerabilidad de Deserialización de Datos No Confiables. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful. Rockwell Automation ISaGRAF Workbench software versiones 6.0 hasta 6.6.9, están afectadas por una vulnerabilidad de Salto de Ruta. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. Rockwell Automation ISaGRAF Workbench software versiones 6.0 hasta 6.6.9, están afectadas por una vulnerabilidad de Salto de Ruta. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0

Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited Connected Components Workbench (versiones v13.00.00 y anteriores), ISaGRAF Workbench (versiones v6.0 hasta v6.6.9), y Safety Instrumented System Workstation (versiones v1.2 y anteriores (para Trusted Controllers)) no limitan los objetos que pueden ser deserializados. Esto permite a atacantes diseñar un objeto serializado malicioso que, si es abierto por un usuario local en Connected Components Workbench, puede resultar en una ejecución de código arbitrario. Esta vulnerabilidad requiere la interacción del usuario para ser explotada con éxito This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-095-01 • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality. Cuando es abierto un archivo de solución malicioso proporcionado por un atacante, la aplicación sufre una vulnerabilidad de tipo XML external entity debido a una llamada no segura dentro de un archivo de biblioteca de enlace dinámico. Un atacante podría aprovechar esto para pasar datos de archivos locales a un servidor web remoto, conllevando a una pérdida de confidencialidad • https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01 • CWE-611: Improper Restriction of XML External Entity Reference •