Vulnerabilities > Rockwellautomation > Safety Instrumented Systems Workstation > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-17 CVE-2022-1118 Deserialization of Untrusted Data vulnerability in Rockwellautomation products
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized.
6.8
2022-04-01 CVE-2022-1018 XXE vulnerability in Rockwellautomation products
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file.
4.3