ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22
CVE-2022-2463
6.1 MEDIUM
Summary
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin-level privileges. User interaction is required for this exploit to be successful.
Affected Version(s)
ISaGRAF Workbench 6.0 <= 6.6.9
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mashav Sapir of Claroty Research reported these vulnerabilities to Rockwell Automation and CISA.