cvebase

Rockwell Automation Connected Components Workbench vulnerabilities

6 known vulnerabilities affecting rockwellautomation/connected_components_workbench.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 1

Vulnerabilities

CVE-2021-27475 | P3 | HIGH | CVSS 8.6 | ≤ 12.00.00 | 2022-03-23
CWE-502: Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be
nvd
CVE-2021-27471 | P3 | HIGH | CVSS 8.6 | ≤ 12.00.00 | 2022-03-23
CWE-22: The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files a
nvd
CVE-2014-5424 | P3 | HIGH | CVSS 7.5 | ≤ 6.01.00 | 2014-11-14
CWE-264: Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler.
nvd
CVE-2021-27473 | P3 | HIGH | CVSS 8.2 | ≤ 12.00.00 | 2022-03-23
CWE-22: Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive file that, when opened by Connected Components Workbench
nvd
CVE-2022-1018 | P4 | MEDIUM | CVSS 5.5 | ≤ 12.0 | 2022-04-01
CWE-611: When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.
nvd
CVE-2017-5176 | P4 | HIGH | CVSS 7.0 | ≤ 9.01.00 | 2017-05-19
CWE-427: A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CCWDEVESE, and 9328-CCWDEVPTE; and Connected Components Workbenc
nvd