CVE-2021-27475

Name of the Vulnerable Software and Affected Versions Rockwell Automation Connected Components Workbench version 12.00.00 and prior

Description The issue is related to the deserialization of objects, which can be exploited by attackers to craft malicious objects. If a local user opens such an object in Connected Components Workbench, it may result in remote code execution. This requires user interaction to be successfully exploited. The vulnerability is also associated with the recovery of invalid data in memory, allowing an attacker to execute arbitrary code.

Recommendations For versions 12.00.00 and prior, consider restricting the use of the deserialization feature in Connected Components Workbench until a patch is available. As a temporary workaround, avoid opening suspicious or untrusted files in Connected Components Workbench to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.