ID
VAR-202207-1551
CVE
CVE-2022-2465
TITLE
Rockwell Automation of ISaGRAF Workbench Untrusted Data Deserialization Vulnerability in
Trust: 0.8
DESCRIPTION
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited. (DoS) It may be in a state. Rockwell Automation ISaGRAF Workbench
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | rockwellautomation | model: | isagraf workbench | scope: | lte | version: | 6.6.9 | Trust: 1.0 |
| vendor: | rockwellautomation | model: | isagraf workbench | scope: | gte | version: | 6.0 | Trust: 1.0 |
| vendor: | rockwell automation | model: | isagraf workbench | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | rockwell automation | model: | isagraf workbench | scope: | - | version: | - | Trust: 0.8 |
| vendor: | rockwell automation | model: | isagraf workbench | scope: | eq | version: | 6.0 to 6.6.9 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-502 | Trust: 1.1 |
| problemtype: | Deserialization of untrusted data (CWE-502) [ others ] | Trust: 0.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
code problem
Trust: 0.6
PATCH
| title: | Rockwell Automation ISaGRAF Workbench Fixes for code issue vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201003 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-2465 | Trust: 3.4 |
| db: | ICS CERT | id: | ICSA-22-202-03 | Trust: 2.6 |
| db: | JVN | id: | JVNVU95712880 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2022-015409 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2022.3567 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2022072218 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202207-2127 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-427809 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2022-2465 | Trust: 0.1 |
REFERENCES
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03 | Trust: 2.6 |
| url: | https://jvn.jp/vu/jvnvu95712880/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-2465 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-2465/ | Trust: 0.6 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-22-202-03 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2022.3567 | Trust: 0.6 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2022072218 | Trust: 0.6 |
CREDITS
Mashav Sapir of Claroty Research reported these vulnerabilities to Rockwell Automation and CISA.
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-427809 |
| db: | VULMON | id: | CVE-2022-2465 |
| db: | JVNDB | id: | JVNDB-2022-015409 |
| db: | CNNVD | id: | CNNVD-202207-2127 |
| db: | NVD | id: | CVE-2022-2465 |
LAST UPDATE DATE
2024-08-14T13:53:10.560000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-427809 | date: | 2022-08-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-015409 | date: | 2023-09-26T08:28:00 |
| db: | CNNVD | id: | CNNVD-202207-2127 | date: | 2022-08-29T00:00:00 |
| db: | NVD | id: | CVE-2022-2465 | date: | 2022-08-27T03:30:06.010 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-427809 | date: | 2022-08-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-015409 | date: | 2023-09-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-202207-2127 | date: | 2022-07-21T00:00:00 |
| db: | NVD | id: | CVE-2022-2465 | date: | 2022-08-25T18:15:10.223 |