CVE-2022-1118: Rockwell Automation ISaGRAF Deserialization of Untrusted Data
First published: Tue May 17 2022(Updated: )
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwell Automation Connected Components Workbench | <=13.00.00 | |
| Isagraf Workbench | >=6.0<=6.6.9 | |
| Rockwell Automation Safety Instrumented Systems Workstation | <=1.2 | |
| Rockwell Automation Connected Components Workbench | ||
| Rockwell Automation ISaGRAF Workbench | ||
| Rockwell Automation Safety Instrumented Systems Workstation |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-1118?
CVE-2022-1118 has been rated as a high severity vulnerability.
How do I fix CVE-2022-1118?
To fix CVE-2022-1118, update to the latest version of the affected software which addresses the deserialization issue.
Which products are affected by CVE-2022-1118?
CVE-2022-1118 affects Connected Components Workbench v13.00.00 and prior, ISaGRAF Workbench v6.0 through v6.6.9, and Safety Instrumented System Workstation v1.2 and prior.
What type of vulnerability is CVE-2022-1118?
CVE-2022-1118 is a deserialization vulnerability that allows attackers to craft malicious serialized data.
What are the potential impacts of CVE-2022-1118?
The impacts of CVE-2022-1118 could include unauthorized access or code execution on systems using the vulnerable software.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- vendor/rockwellautomation
- canonical/rockwell automation connected components workbench
- version/rockwell automation connected components workbench/13.00.00
- canonical/isagraf workbench
- version/isagraf workbench/6.0
- version/isagraf workbench/6.6.9
- canonical/rockwell automation safety instrumented systems workstation
- version/rockwell automation safety instrumented systems workstation/1.2
- vendor/rockwell automation
- canonical/rockwell automation isagraf workbench