CVE-2022-2463
ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 2.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
25 ago 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Productos afectados
Rockwell Automation · ISaGRAF Workbench¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →