Remote Code Execution in Studio 5000 Logix Designer by Rockwell Automation
CVE-2026-9127

7.3HIGH

What is CVE-2026-9127?

A security flaw identified in Studio 5000 Logix Designer enables unauthorized modification of configuration files. This misconfiguration allows any authenticated user to redefine external tool paths within the application. If maliciously exploited, an attacker can redirect these tools to execute arbitrary code, posing significant risks whenever users interact with the external functionality of the software.

Affected Version(s)

Studio 5000 Logix Designer V35.00,34.00,34.01, 33.00,33.02, 32.00-32.04 and older

References

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.