CVE-2022-2463

ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22

CVSS 6.1 MEDIUMEPSS 2.6%CWE-22

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.1EPSS 2.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

25 ago 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Produtos afetados

Rockwell Automation · ISaGRAF Workbench

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03