CVE-2021-27475

CWE-502: DESERIALIZATION OF UNTRUSTED DATA
Connected Components Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.
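The missing control described above, limiting which object types a deserializer will instantiate, shown as an added example that is not Rockwell Automation code. The advisory does not name the serializer involved, so Python's `pickle` stands in for it; the allow-list contents, the function names and the sample blobs are assumptions constructed for illustration.

```python
import io
import pickle
from decimal import Decimal
from fractions import Fraction

# Assumption: the only non-primitive type a legitimate project file needs.
ALLOWED_GLOBALS = {("decimal", "Decimal")}


class AllowListUnpickler(pickle.Unpickler):
    """Unpickler that resolves only explicitly allow-listed classes."""

    def find_class(self, module, name):
        # Called for every class or function the stream references.
        # Anything not on the allow-list is refused before it is imported.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked type {module}.{name}")


def load_project(blob: bytes):
    """Deserialize an untrusted project blob under the allow-list."""
    return AllowListUnpickler(io.BytesIO(blob)).load()


def try_load(blob: bytes):
    """Return ("ok", obj) or ("rejected", reason) instead of raising."""
    try:
        return ("ok", load_project(blob))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


# Constructed sample inputs: one uses only allow-listed types, the other
# references a harmless class that is not on the list.
GOOD = pickle.dumps({"name": "demo", "scan_ms": Decimal("12.5")})
BAD = pickle.dumps({"name": "demo", "ratio": Fraction(1, 3)})

if __name__ == "__main__":
    print(try_load(GOOD))
    print(try_load(BAD))
```

The rejection happens at type resolution, before any object from the unexpected class is constructed, which is the property an unrestricted deserializer lacks.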

Risk Information

  • CVE ID: CVE-2021-27475
  • Vendor: Rockwell Automation
  • Product: Connected Components Workbench
  • CVSS v3: 8.6