6.6.9

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

rockwellautomation

NVD

Published: 2022-08-25

Updated: 2024-11-21

Summary

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful.

Vulnerable Configurations

Part	Description	Count
Application	Rockwellautomation Rockwellautomation Isagraf Workbench 6.0 Rockwellautomation Isagraf Workbench 6.6.9	2

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03
https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03