CVE-2021-27475
Summary
| CVE | CVE-2021-27475 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-23 20:15:00 UTC |
| Updated | 2022-03-29 17:59:00 UTC |
| Description | Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited. |
Risk And Classification
Problem Types: CWE-502
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rockwellautomation | Connected Components Workbench | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Sign In | CONFIRM | rockwellautomation.custhelp.com | |
| Rockwell Automation Connected Components Workbench | CISA | CONFIRM | www.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Mashav Sapir of Claroty reported these vulnerabilities to Rockwell Automation.
There are currently no legacy QID mappings associated with this CVE.