CVE-2022-2465 HIGH

CVE-2022-2465: ISaGRAF Workbench Deserialization of Untrusted Data CWE-502

Vendor: Rockwell Automation
Product: ISaGRAF Workbench
Weakness: CWE-502 · Unsafe deserialization
Published: August 25, 2022
Last update: April 16, 2025

CVSS base score

8.6/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.

Key dates

02 Disclosure timeline

August 25, 2022: CVE published
April 16, 2025: Record updated