Path Traversal Vulnerability in Studio 5000 Logix Designer by Rockwell Automation
CVE-2026-9108

5.4MEDIUM

What is CVE-2026-9108?

A security flaw in Studio 5000 Logix Designer permits improper handling of file paths within ACD project files, leading to potential path traversal attacks. The affected software fails to validate or sanitize file names included in the ACD file structure during the project opening process. This vulnerability enables malicious users to create specially crafted ACD project files that could write arbitrary files to locations controlled by the attacker, posing significant security risks, including unauthorized file access and possible code execution.

Affected Version(s)

Studio 5000 Logix Designer V36.00, 35.00,35.01, 34.00-34.03, 33.00-33.03, 32.00-32.04 and older

References

CVSS V4

Score:
5.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.