CVE-2021-27471

Rockwell Automation Connected Components Workbench Path Traversal

CVSS 7.7 HIGHEPSS 2.7%CWE-22

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.7EPSS 2.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

23 mar 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful.

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Productos afectados

Rockwell Automation · Connected Components Workbench

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435 https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01