CNNVD-202511-1192 Information
CNNVD ID
CNNVD-202511-1192
Related CVE
- CNNVD Published: 2025-11-11
Description (Chinese)
Rockwell Automation Studio 5000 Simulation Interface是美国罗克韦尔(Rockwell Automation)公司的一个仿真建模工具。 Rockwell Automation Studio 5000 Simulation Interface存在安全漏洞,该漏洞源于API中存在本地代码执行问题,允许系统上的任何Windows用户通过路径遍历序列提取文件,可能导致系统重启时以管理员权限执行脚本。
Description (English)
Rockwell AutoStudio 5000 Simulation Internet is a simulation modelling tool for Rockwell Automation in the United States. Lockwell AutoStudio 5000 Simulation Interface has a security loophole, which stems from local code enforcement problems in API, allowing any Windows user on the system to extract files through a path-by-way sequence, which may result in a script being executed with administrator privileges when the system is restarted.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
罗克韦尔
Published
2025-11-11
Last Modified
2026-02-24
References
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1760.html
Patch
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1760.html
Share on: