Unrated severityNVD Advisory· Published Aug 25, 2022· Updated Apr 16, 2025
ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22
CVE-2022-2463
Description
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful.
Affected products
2>=6.0, <=6.6.9+ 1 more
- (no CPE)range: >=6.0, <=6.6.9
- (no CPE)range: 6.0
Patches
Vulnerability mechanics
References
1- www.cisa.gov/uscert/ics/advisories/icsa-22-202-03mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.