CVE-2022-2465

HIGH

Rockwellautomation Isagraf Workbench - Insecure Deserialization

Title source: rule

Description

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.

References (1)

[Mitigation, Patch, Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03

Scores

CVSS v3 8.6

EPSS 0.0014

EPSS Percentile 33.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

rockwellautomation/isagraf_workbench < 6.6.9

Timeline

Published Aug 25, 2022

Tracked Since Feb 18, 2026