PT-2021-6880 · Unknown · Isagraf Workbench+2
Kimiya · Published 2021-10-21 · Updated 2022-05-26 · CVE-2022-1118
CVSS v3.1: 8.6 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Connected Components Workbench versions 13.00.00 and prior
ISaGRAF Workbench versions 6.0 through 6.6.9
Safety Instrumented System Workstation versions 1.2 and prior
Description
The affected software deserializes untrusted objects, which allows an attacker to craft a malicious serialized object. If a local user opens this object in Connected Components Workbench, it may result in arbitrary code execution. Successful exploitation requires user interaction. The underlying weakness is the restoration of untrusted data in memory, which can let an attacker execute arbitrary code through a specially crafted file.
Recommendations
For Connected Components Workbench versions 13.00.00 and prior, consider disabling the deserialization of untrusted objects until a patch is available.
For ISaGRAF Workbench versions 6.0 through 6.6.9, restrict access to potentially malicious files to minimize the risk of exploitation.
For Safety Instrumented System Workstation versions 1.2 and prior, avoid using the affected software to open untrusted files until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Connected Components Workbench
Isagraf Workbench
Safety Instrumented Systems Workstation