CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-27475

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.0%

CVSS Severity

CVSS v3 Score 8.6

CVSS v2 Score 6.8

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435
https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435
https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01

Products affected by CVE-2021-27475

Rockwellautomation » Connected Components Workbench » Version: 12.00.00

cpe:2.3:a:rockwellautomation:connected_components_workbench:12.00.00

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-27475

Products

Pricing

Contact Us