CVE-2021-27471
HIGHRockwell Automation Connected Components Workbench < 12.00.00 - Path Traversal via Malicious File Processing
Title source: llmDescription
The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_confirm
https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01
Permissions Required, Vendor Advisory x_refsource_confirm
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435
Scores
CVSS v3
7.7
EPSS
0.0005
EPSS Percentile
15.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
rockwellautomation/connected_components_workbench
< 12.00.00
Published
Mar 23, 2022
Tracked Since
Feb 18, 2026