Unrated severity · NVD Advisory · Published May 17, 2022 · Updated Apr 16, 2025
Rockwell Automation ISaGRAF Deserialization of Untrusted Data
CVE-2022-1118
Description
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 through v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited.
Affected products
- Range: All
- Range: All v6.0 through v6.6.9
- Rockwell Automation/Safety Instrumented Systems Workstation · v5 · Range: All
References
- www.cisa.gov/uscert/ics/advisories/icsa-22-095-01 (mitre, x_refsource_MISC)