Vulnerabilities > Rockwellautomation > Connected Components Workbench
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-01 | CVE-2022-1018 | XXE vulnerability in Rockwellautomation products When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. | 4.3 |
| 2022-03-23 | CVE-2021-27471 | Path Traversal vulnerability in Rockwellautomation Connected Components Workbench The parsing mechanism that processes certain file types does not provide input sanitization for file paths. | 6.8 |
| 2022-03-23 | CVE-2021-27473 | Path Traversal vulnerability in Rockwellautomation Connected Components Workbench Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. | 6.9 |
| 2022-03-23 | CVE-2021-27475 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Connected Components Workbench Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. | 6.8 |
| 2017-05-19 | CVE-2017-5176 | Uncontrolled Search Path Element vulnerability in Rockwellautomation Connected Components Workbench A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). | 6.2 |
| 2014-11-14 | CVE-2014-5424 | Permissions, Privileges, and Access Controls vulnerability in Rockwellautomation Connected Components Workbench Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler. | 7.5 |