CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-1018

When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.084

EPSS Ranking 91.9%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 4.3

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01
https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01

Products affected by CVE-2022-1018

Rockwellautomation » Connected Components Workbench » Version: Any

cpe:2.3:a:rockwellautomation:connected_components_workbench:*
Rockwellautomation » Isagraf » Version: Any

cpe:2.3:a:rockwellautomation:isagraf:*
Rockwellautomation » Safety Instrumented Systems Workstation » Version: Any

cpe:2.3:o:rockwellautomation:safety_instrumented_systems_workstation:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-1018

Products

Pricing

Contact Us