CVE-2021-27475
Last modified
CVE-2021-27475 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. EPSS estimates a 2.81% chance of exploitation in the next 30 days.
Description
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Connected Components Workbench | <= 12.00.00 |
References
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435Permissions Required, Vendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01Third Party Advisory, US Government Resource
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435Permissions Required, Vendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-27475?
How severe is CVE-2021-27475?
How do I fix CVE-2021-27475?
Are you affected by CVE-2021-27475?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST