CVE-2014-5424
published 2014-11-14CVE-2014-5424: Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly…
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
11.00%
95.3th percentile
Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | connected_components_workbench | <= 6.01.00 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6659-x339-g68g: Rockwell Automation Connected Components Workbench (CCW) before 7
ghsa_unreviewed·2022-05-17
CVE-2014-5424 [HIGH] GHSA-6659-x339-g68g: Rockwell Automation Connected Components Workbench (CCW) before 7
Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler.
CISA ICS
Rockwell Automation Connected Components Workbench ActiveX Component Vulnerabilities
cisa_ics·2018-09-06
Rockwell Automation Connected Components Workbench ActiveX Component Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Rockwell Automation Connected Components Workbench ActiveX Component Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-294-01
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on November 6, 2014, and is being released to the NCCIC/ICS-CERT web site.
Independent researcher Andrea Micalizzi working through ZDI has identified two custom ActiveX Component vulnerabilities in Rockwell Automation’s Connected Components Workbench (CCW) application. Rockwell Automation has produced, tested, and released a new software version that mitig
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-11-14
Published