What is the severity of CVE-2021-27473?

CVE-2021-27473 has been rated as a medium severity vulnerability due to its potential impact on system integrity.

How do I fix CVE-2021-27473?

To mitigate CVE-2021-27473, users should upgrade to a version of Rockwell Automation Connected Components Workbench beyond v12.00.00.

What type of attack does CVE-2021-27473 enable?

CVE-2021-27473 enables a local, authenticated attacker to exploit the vulnerability through path manipulation during file extraction.

What is the nature of the vulnerability in CVE-2021-27473?

CVE-2021-27473 is a Zip Slip vulnerability, which arises from improper sanitization of file paths in .ccwarc archive files.

Vulnerability/
CVE-2021-27473

high

8.2

CWE

22 20

23/3/2022

3/8/2024

CVE-2021-27473: Rockwell Automation Connected Components Workbench Improper Input Validation

Q: Who is affected by CVE-2021-27473?

CVE-2021-27473 affects users of Rockwell Automation Connected Components Workbench version 12.00.00 and earlier.

First published: Wed Mar 23 2022(Updated: )

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive file that, when opened by Connected Components Workbench, will allow the attacker to gain the privileges of the software. If the software is running at SYSTEM level, the attacker will gain admin level privileges. User interaction is required for this exploit to be successful.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Rockwell Automation Connected Components Workbench	<=12.00.00
Rockwell Automation Connected Components Workbench

Remedy

Rockwell Automation recommends users of the affected software update to an available software revision (Connected Components Workbench v13.00.00 or later) that addresses the associated risk.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-133-01

Frequently Asked Questions

What is the severity of CVE-2021-27473?
CVE-2021-27473 has been rated as a medium severity vulnerability due to its potential impact on system integrity.
How do I fix CVE-2021-27473?
To mitigate CVE-2021-27473, users should upgrade to a version of Rockwell Automation Connected Components Workbench beyond v12.00.00.
Who is affected by CVE-2021-27473?
CVE-2021-27473 affects users of Rockwell Automation Connected Components Workbench version 12.00.00 and earlier.
What type of attack does CVE-2021-27473 enable?
CVE-2021-27473 enables a local, authenticated attacker to exploit the vulnerability through path manipulation during file extraction.
What is the nature of the vulnerability in CVE-2021-27473?
CVE-2021-27473 is a Zip Slip vulnerability, which arises from improper sanitization of file paths in .ccwarc archive files.

agent/type
collector/mitre-cve
source/MITRE
agent/remedy
agent/severity
agent/title
agent/weakness
agent/references
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
vendor/rockwellautomation
canonical/rockwell automation connected components workbench
version/rockwell automation connected components workbench/12.00.00
vendor/rockwell automation