CVE-2022-2463

Name of the Vulnerable Software and Affected Versions Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9

Description The issue is related to a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. The vulnerability is also described as being related to incorrect restriction of a directory path with limited access, which may allow an attacker to elevate their privileges using a specially crafted malicious file in the .7z format.

Recommendations For Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9, consider disabling the opening of .7z exchange files until a patch is available to prevent potential exploitation. Restrict access to the software when it is running at the SYSTEM level to minimize the risk of gaining admin level privileges. Avoid using the software with user interaction that may lead to opening crafted malicious files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.