ISaGRAF Workbench Deserialization of Untrusted Data CWE-502
CVE-2022-2465

8.6 HIGH

Key Information:

Vendor
CVE Published: 25 August 2022

Summary

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.

Affected Version(s)

ISaGRAF Workbench 6.0 <= 6.6.9

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mashav Sapir of Claroty Research reported these vulnerabilities to Rockwell Automation and CISA.