Path Traversal Vulnerability in Studio 5000 Logix Designer by Rockwell Automation
CVE-2026-9108
5.4MEDIUM
Key Information:
- Vendor
Rockwell Automation
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-9108?
A security flaw in Studio 5000 Logix Designer permits improper handling of file paths within ACD project files, leading to potential path traversal attacks. The affected software fails to validate or sanitize file names included in the ACD file structure during the project opening process. This vulnerability enables malicious users to create specially crafted ACD project files that could write arbitrary files to locations controlled by the attacker, posing significant security risks, including unauthorized file access and possible code execution.
Affected Version(s)
Studio 5000 Logix Designer V36.00, 35.00,35.01, 34.00-34.03, 33.00-33.03, 32.00-32.04 and older