Code Execution Vulnerability in Studio 5000 Logix Designer by Rockwell Automation
CVE-2026-9128

7.3HIGH

What is CVE-2026-9128?

A code execution security issue has been identified in Studio 5000 Logix Designer due to an improperly configured External Tools setup. The issue arises from unquoted paths in the configuration file, which may contain spaces. As a result, the operating system could mistakenly resolve these paths to unintended executables located earlier in the search order. This vulnerability could be exploited by an attacker who places a malicious executable in a directory within the search path, enabling arbitrary code execution with the permissions of the user running the application.

Affected Version(s)

Studio 5000 Logix Designer V35.00, 34.00-34.02, 33.00-33.02, 32.00-32.04 and older

References

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.