PT-2026-20411 · Rexroth · Indraworks+1
Published 2026-02-18 · Updated 2026-02-19
CVE-2025-60035
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rexroth IndraWorks OPC.Testclient versions prior to 15V24
Description
A flaw in the OPC.Testclient utility, included with Rexroth IndraWorks, allows an attacker to execute arbitrary code on a user's system. The flaw is triggered when the application parses a manipulated file containing malicious serialized data. Successful exploitation requires user interaction: the user must open a specially crafted file. Opening the file causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE) and potentially leading to a complete system compromise.
Recommendations
Update Rexroth IndraWorks OPC.Testclient to version 15V24 or later.
Fix
Deserialization of Untrusted Data
Affected Products
Indraworks
Indraworks Opc.Testclient