PT-2024-6333 · Rockwell Automation · Rslogix 5

Sharon Brizinov · Published 2024-09-19 · Updated 2024-10-19 · CVE-2024-7847

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Rockwell Automation RSLogix 5 (affected versions not specified)

Description

A feature in the affected products lets users prepare a project file with an embedded VBA script that can be configured to run, without user intervention, as soon as the project file is opened. This feature can be abused to trick a legitimate user into executing malicious code by opening an infected RSP/RSS project file. If exploited, a threat actor may be able to achieve remote code execution. Connected devices may also be impacted by exploitation of this issue.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Insufficient Verification of Data Authenticity

Weakness Enumeration

Related Identifiers

BDU:2024-07285
CVE-2024-7847

Affected Products

Rslogix 5