First published: Wed Mar 23 2022(Updated: )
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Connected Components Workbench | <=12.00.00 | |
Rockwell Automation Connected Components Workbench v12.00.00 and prior |
Rockwell Automation recommends users of the affected software update to an available software revision (Connected Components Workbench v13.00.00 or later) that addresses the associated risk.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.