Mashav Sapir

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 **Description** The issue is related to a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. The vulnerability is also described as being related to incorrect restriction of a directory path with limited access, which may allow an attacker to elevate their privileges using a specially crafted malicious file in the .7z format. **Recommendations** For Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9, consider disabling the opening of .7z exchange files until a patch is available to prevent potential exploitation. Restrict access to the software when it is running at the SYSTEM level to minimize the risk of gaining admin level privileges. Avoid using the software with user interaction that may lead to opening crafted malicious files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 **Description** The issue is related to a Path Traversal vulnerability, where crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful. The vulnerability is also associated with incorrect restriction of the directory path name with limited access, which can allow an attacker to elevate their privileges using a specially crafted malicious file. **Recommendations** For Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9, consider disabling the ability to open crafted malicious files until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid using the ISaGRAF Workbench software to open files from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation ISaGRAF Workbench versions 6.0 through 6.6.9 **Description** The issue is related to the deserialization of untrusted data, where the ISaGRAF Workbench software does not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. The exploitation of this issue requires user interaction. **Recommendations** For versions 6.0 through 6.6.9, consider disabling the deserialization of untrusted data as a temporary workaround until a patch is available. Restrict access to potentially malicious serialized objects to minimize the risk of exploitation. Avoid opening unknown or untrusted files in ISaGRAF Workbench to prevent potential remote code execution.

**Name of the Vulnerable Software and Affected Versions** Ignition (affected versions not specified) **Description** The issue allows an attacker with access to the Ignition web configuration to run arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XINJE XD/E Series PLC Program Tool versions up to v3.5.1 **Description** A zip slip vulnerability can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This issue can be triggered by manually opening an infected project file or by initiating an upload program request from an infected Xinje PLC, potentially resulting in remote code execution, information disclosure, and denial of service of the system running the XINJE XD/E Series PLC Program Tool. **Recommendations** For XINJE XD/E Series PLC Program Tool versions up to v3.5.1, update to a version later than v3.5.1 to resolve the issue. As a temporary workaround, consider avoiding the use of potentially infected project files and restricting upload program requests from untrusted Xinje PLC devices.

**Name of the Vulnerable Software and Affected Versions** XINJE XD/E Series PLC Program Tool versions up to v3.5.1 **Description** A vulnerability exists that can allow an authenticated, local attacker to load a malicious DLL, requiring local access and sufficient file-write privileges to exploit. If exploited, the attacker could place a malicious DLL file on the system, allowing them to execute arbitrary code with the privileges of another user's account. **Recommendations** For versions up to v3.5.1, consider restricting file-write privileges to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the loading of external DLLs in the XINJE XD/E Series PLC Program Tool until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric Factory Automation products (affected versions not specified) **Description** The issue allows an attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric Factory Automation engineering software products (affected versions not specified) **Description** The issue allows a malicious attacker to execute malicious code, potentially obtaining information, modifying information, and causing a denial-of-service condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation Connected Components Workbench versions prior to 12.00.00 **Description** The issue is related to the parsing mechanism of certain file types, which lacks input sanitization for file paths. This could allow an attacker to create malicious files that can traverse the file system when opened, potentially overwriting existing files and creating new ones with the same permissions as the software. Exploitation requires user interaction. **Recommendations** For versions prior to 12.00.00, consider restricting access to file system operations until a patch is available. As a temporary workaround, avoid opening files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation Connected Components Workbench version 12.00.00 and prior **Description** The issue is related to the deserialization of objects, which can be exploited by attackers to craft malicious objects. If a local user opens such an object in Connected Components Workbench, it may result in remote code execution. This requires user interaction to be successfully exploited. The vulnerability is also associated with the recovery of invalid data in memory, allowing an attacker to execute arbitrary code. **Recommendations** For versions 12.00.00 and prior, consider restricting the use of the deserialization feature in Connected Components Workbench until a patch is available. As a temporary workaround, avoid opening suspicious or untrusted files in Connected Components Workbench to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation Connected Components Workbench version 12.00.00 and prior **Description** The issue is related to the software's failure to sanitize paths within the .ccwarc archive file during extraction, also known as a Zip Slip vulnerability. A local, authenticated attacker can create a malicious .ccwarc archive file to gain the privileges of the software. If the software is running at SYSTEM level, the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. **Recommendations** For Rockwell Automation Connected Components Workbench version 12.00.00 and prior, consider restricting access to the .ccwarc archive file until a patch is available. As a temporary workaround, avoid opening untrusted .ccwarc archive files with Connected Components Workbench to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Ignition 8 Gateway versions prior to 8.0.10 Description: The issue is related to an unprotected logging route, which may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space, causing a denial-of-service condition. The vulnerability can be exploited remotely. Recommendations: For versions prior to 8.0.10, update to version 8.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the logging route to minimize the risk of exploitation.