CVE-2022-1018
published 2022-04-01


Priority: P4, 30
CVSS 3.1: 5.5 (medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 2.07% (79.1th percentile)

When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | connected_component_workbench | >= All < 12 | 12 |
| rockwell_automation | isagraf | >= All < 6.6.9 | 6.6.9 |
| rockwell_automation | safety_instrumented_systems_workstation | >= All < 1.1 | 1.1 |
| rockwellautomation | connected_components_workbench | <= 12.0 | |
| rockwellautomation | isagraf | <= 6.6.9 | |
| rockwellautomation | safety_instrumented_systems_workstation | <= 1.1 | |

CVSS provenance

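| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |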