PT-2022-3927 · Rockwell Automation · Isagraf Workbench

Mashav Sapir · Published 2022-07-21 · Updated 2022-08-27 · CVE-2022-2465

CVSS v3.1: 8.6 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Workbench versions 6.0 through 6.6.9
Description: ISaGRAF Workbench deserializes data from files it opens without restricting which object types may be reconstructed (deserialization of untrusted data). An attacker can therefore craft a serialized object that, when a local user opens it in ISaGRAF Workbench, may result in remote code execution. Exploitation requires user interaction: the attacker needs no privileges on the system (PR:N), but a user must open the crafted file (UI:R), which is also why the vector is rated local (AV:L) even though the payload can be delivered remotely.
Recommendations: For versions 6.0 through 6.6.9, until a vendor patch is available: do not open unknown or untrusted files in ISaGRAF Workbench, since a single user action on a crafted file is all the attack requires; restrict who can place serialized objects where Workbench users will open them, to minimize exposure; and, where the deployment allows it, disable the deserialization of untrusted data as a temporary workaround.
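The weakness class behind this advisory, shown as an added example in Python's pickle module. This is not ISaGRAF code and makes no claim about the serialization format ISaGRAF Workbench actually uses; the "project record" and the attacker payload are constructed here for the demonstration. The unsafe loader reconstructs whatever class the stream names (the condition the advisory describes), while the hardened loader resolves only an allowlist of types and refuses everything else before any attacker-chosen callable runs.

```python
# Added example (not ISaGRAF code): CWE-502 in miniature with Python's pickle.
# The "application" legitimately persists a collections.OrderedDict of plain values.
# All payloads below are constructed for this demonstration.
import io
import os
import pickle
from collections import OrderedDict


def unsafe_load(data: bytes):
    """What the advisory describes: no limit on which objects may be reconstructed.
    Any (module, name) the stream references is imported and may be called."""
    return pickle.loads(data)


# Only these (module, name) pairs may be resolved while unpickling.
# Never allowlist builtins.eval, os.system, subprocess.* or similar:
# the allowlist is only as strong as its least harmless entry.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """find_class is the hook pickle uses to resolve every global the stream names."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_load(data: bytes):
    """Hardened loader: the stream cannot reach anything outside ALLOWED_GLOBALS."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def blocked(data: bytes) -> bool:
    """True if the hardened loader rejected the stream instead of executing it."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed legitimate file: a hypothetical project record a workbench might save.
LEGIT_PAYLOAD = pickle.dumps(
    OrderedDict(name="demo_project", resources=["res1", "res2"], cycle_ms=10)
)


class Gadget:
    """Attacker-crafted object. On load, __reduce__ tells the unpickler which callable
    to invoke. os.getpid is used here because it is harmless and its return value is
    observable; a real payload would name a command-execution function instead."""

    def __reduce__(self):
        return (os.getpid, ())


MALICIOUS_PAYLOAD = pickle.dumps(Gadget())


def attacker_callable_ran() -> bool:
    """The unsafe loader returns whatever the attacker's chosen callable returned,
    proving the stream, not the application, decided what code executed."""
    return unsafe_load(MALICIOUS_PAYLOAD) == os.getpid()


if __name__ == "__main__":
    print("legit via safe loader:", dict(safe_load(LEGIT_PAYLOAD)))
    print("attacker callable ran under unsafe loader:", attacker_callable_ran())
    print("malicious stream blocked by safe loader:", blocked(MALICIOUS_PAYLOAD))
```

The allowlist is the mitigation, not the exception handling: `RestrictedUnpickler` refuses the stream while resolving the global name, before the `REDUCE` step would have called it. Note that `pickle` records the callable under the module that defines it (`posix.getpid` on Linux, `nt.getpid` on Windows), so an allowlist keyed on `(module, name)` must be written against the real defining module, and a denylist of "dangerous" names is the wrong tool: there are too many gadget-capable callables in a standard library to enumerate.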

Fix

Weakness Enumeration

CWE-502: Deserialization of Untrusted Data

Related Identifiers

BDU:2022-04754
CVE-2022-2465

Affected Products

Isagraf Workbench