ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22
CVE-2022-2464

7.7HIGH

Key Information:

Vendor: Rockwell Automation
Status: Isagraf Workbench
Vendor: CVE Published:; 25 August 2022

Summary

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful.

Affected Version(s)

ISaGRAF Workbench 6.0 <= 6.6.9

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03

x_refsource_MISC

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 25, 2022
Vulnerability Reserved
Jul 18, 2022

Credit

Mashav Sapir of Claroty Research reported these vulnerabilities to Rockwell Automation and CISA.