Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system.
References
Link | Resource |
---|---|
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129798 | Permissions Required Vendor Advisory |
https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
25 Mar 2021, 18:43
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
CPE | cpe:2.3:a:rockwellautomation:drivetools_add-on_profiles:*:*:*:*:*:*:*:* cpe:2.3:a:rockwellautomation:drivetools_sp:*:*:*:*:*:*:*:* |
|
References | (MISC) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129798 - Permissions Required, Vendor Advisory | |
References | (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02 - Third Party Advisory, US Government Resource |
18 Mar 2021, 19:00
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-18 18:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-22665
Mitre link : CVE-2021-22665
CVE.ORG link : CVE-2021-22665
JSON object : View
Products Affected
rockwellautomation
- drivetools_sp
- drivetools_add-on_profiles
CWE
CWE-427
Uncontrolled Search Path Element