CVE-2024-7847

HIGH

Rockwell Automation RSLogix 5 - Remote Code Execution via Malicious RSP/RSS Project File

Title source: llm

Description

VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. Connected devices may also be impacted by exploitation of this vulnerability.

References (1)

Core 1

Core References

Vendor Advisory

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html

Scores

CVSS v3 7.7

EPSS 0.0019

EPSS Percentile 8.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-345

Status published

Products (4)

rockwellautomation/rslogix_5

rockwellautomation/rslogix_500

rockwellautomation/rslogix_micro_developer

rockwellautomation/rslogix_micro_starter_lite

Published Oct 14, 2024

Tracked Since Feb 18, 2026