CVE-2022-2465 Information

Description

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that if opened by a local user in ISaGRAF Workbench may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.

Reference

https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03