Code Execution Vulnerability in Studio 5000 Logix Designer by Rockwell Automation
CVE-2026-9128
7.3HIGH
Key Information:
- Vendor
Rockwell Automation
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-9128?
A code execution security issue has been identified in Studio 5000 Logix Designer due to an improperly configured External Tools setup. The issue arises from unquoted paths in the configuration file, which may contain spaces. As a result, the operating system could mistakenly resolve these paths to unintended executables located earlier in the search order. This vulnerability could be exploited by an attacker who places a malicious executable in a directory within the search path, enabling arbitrary code execution with the permissions of the user running the application.
Affected Version(s)
Studio 5000 Logix Designer V35.00, 34.00-34.02, 33.00-33.02, 32.00-32.04 and older