Rockwell Automation ISaGRAF Deserialization of Untrusted Data
CVE-2022-1118

8.6HIGH

Key Information:

Vendor: Rockwell Automation
Status: Connected Component Workbench; Isagraf Workbench; Safety Instrumented Systems Workstation
Vendor: CVE Published:; 17 May 2022

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2022-1118?

Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Connected Component Workbench All

ISaGRAF Workbench All v6.0 through v6.6.9

Safety Instrumented Systems Workstation All

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-095-01

x_refsource_MISC

EPSS Score

51% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 17, 2022
Vulnerability Reserved
Mar 28, 2022

JSON