cvedb.io
CVE-2022-1118
HIGH · CVSS 8.6
EPSS exploitation probability: 0%
Published 2022-05-17T20:15:08.173 · Last modified 2026-06-17T04:21:51.617

Summary

Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 through v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited.

Affected products

rockwellautomation — connected_component_workbench


References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.