CVE-2016-2277

MEDIUM

Rockwell Automation Integrated Architecture Builder < 9.6.0.8 & 9.7.x < 9.7.0.2 - RCE via Crafted Project File

Title source: llm

Description

IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.

References (1)

Core 1

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSA-16-056-01

Scores

CVSS v3 6.3

EPSS 0.0001

EPSS Percentile 1.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-284

Status published

Products (3)

rockwellautomation/integrated_architecture_builder 9.7.0.0

rockwellautomation/integrated_architecture_builder 9.7.0.1

rockwellautomation/integrated_architecture_builder < 9.6.0.7

Published Apr 06, 2016

Tracked Since Feb 18, 2026