CVE-2016-2277

MEDIUM

Rockwellautomation Integrated Archite... - Improper Access Control

Title source: rule

Description

IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.

References (1)

Scores

CVSS v3 6.3
EPSS 0.0001
EPSS Percentile 0.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-284
Status draft

Affected Products (3)

rockwellautomation/integrated_architecture_builder < 9.6.0.7
rockwellautomation/integrated_architecture_builder
rockwellautomation/integrated_architecture_builder

Timeline

Published Apr 06, 2016
Tracked Since Feb 18, 2026