CVE-2022-2464

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03	Mitigation Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:rockwellautomation:isagraf_workbench:*:*:*:*:*:*:*:*

History

27 Aug 2022, 03:29

Type	Values Removed	Values Added
CPE		cpe:2.3:a:rockwellautomation:isagraf_workbench::::::::
References	~~(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03 -~~	(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03 - Mitigation, Patch, Third Party Advisory, US Government Resource
First Time		Rockwellautomation Rockwellautomation isagraf Workbench
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

25 Aug 2022, 18:46

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-25 18:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-2464

Mitre link : CVE-2022-2464

CVE.ORG link : CVE-2022-2464

JSON object : View

Products Affected

rockwellautomation

isagraf_workbench

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2022-2464", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.0}]}, "published": "2022-08-25T18:15:10.143", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03", "tags": ["Mitigation", "Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful."}, {"lang": "es", "value": "Rockwell Automation ISaGRAF Workbench software versiones 6.0 hasta 6.6.9, est\u00e1n afectadas por una vulnerabilidad de Salto de Ruta. Los archivos maliciosos dise\u00f1ados pueden permitir a un atacante atravesar el sistema de archivos cuando son abiertos por ISaGRAF Workbench. Si es explotado con \u00e9xito, un atacante podr\u00eda sobrescribir los archivos existentes y crear archivos adicionales con los mismos permisos del software ISaGRAF Workbench. Es requerida una interacci\u00f3n del usuario para que la explotaci\u00f3n tenga \u00e9xito."}], "lastModified": "2022-08-27T03:29:27.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:isagraf_workbench:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54E95041-485F-48A3-A3C3-AA59F74EF64E", "versionEndIncluding": "6.6.9", "versionStartIncluding": "6.0"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}