PT-2026-58082 · Rockwell Automation · Studio 5000 Logix Designer

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-9127

CVSS v4.0

7.3

High

VectorAV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
A remote code execution security issue exists within Studio 5000 Logix Designer® due to incorrect authorization on a configuration file. This can allow any authenticated user to modify the paths of external tools configured within the application. If exploited, an attacker could alter the configuration to point to a malicious executable, resulting in arbitrary code execution when any user interacts with the external tools functionality.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9127

Affected Products

Studio 5000 Logix Designer