CVE-2022-27580

Name of the Vulnerable Software and Affected Versions Safety Designer versions up to and including 1.11.0

Description A deserialization vulnerability in a .NET framework class used by Safety Designer allows an attacker to craft malicious project files. When such a malicious project file is opened or imported, it can execute arbitrary code with the privileges of the current user, compromising confidentiality, integrity, and availability. The attack requires a user to manually open a malicious project file.

Recommendations For versions up to and including 1.11.0, update to a version later than 1.11.0 to resolve the issue. As a temporary workaround, consider avoiding the use of project files from untrusted sources to minimize the risk of exploitation.