CVE-2022-2464 HIGH

CVE-2022-2464: ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22

Vendor Rockwell Automation
Product ISaGRAF Workbench
Weakness CWE-22 · Path traversal
Published August 25, 2022
Last update April 16, 2025

CVSS base score

7.7/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files, when opened by ISaGRAF Workbench, can allow an attacker to traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions as the ISaGRAF Workbench software. User interaction is required for this exploit to be successful.

Key dates

02 Disclosure timeline

August 25, 2022 CVE published
April 16, 2025 Record updated