PT-2021-15160 · Rockwell Automation · Drivetools Sp+1

Published

2021-03-18

Updated

2021-03-25

CVE-2021-22665

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Rockwell Automation DriveTools SP versions 5.13 and below Rockwell Automation Drives AOP versions 4.12 and below

Description A local attacker with limited privileges may be able to exploit the issue, resulting in privilege escalation and complete control of the system.

Recommendations For Rockwell Automation DriveTools SP versions 5.13 and below, update to a version above 5.13 to resolve the issue. For Rockwell Automation Drives AOP versions 4.12 and below, update to a version above 4.12 to resolve the issue.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2021-22665

Affected Products

Drivetools Sp

Drives Aop

PT-2021-15160 · Rockwell Automation · Drivetools Sp+1

CVE-2021-22665

Weakness Enumeration

Related Identifiers

Affected Products

References · 5