Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-7847

Summary
Assigner-Rockwell
Assigner Org ID-b73dd486-f505-4403-b634-40b078b177f0
Published At-14 Oct, 2024 | 13:47
Updated At-15 Oct, 2024 | 14:05
Rejected At-
Credits

RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script

VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. Connected devices may also be impacted by exploitation of this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Rockwell
Assigner Org ID:b73dd486-f505-4403-b634-40b078b177f0
Published At:14 Oct, 2024 | 13:47
Updated At:15 Oct, 2024 | 14:05
Rejected At:
▼CVE Numbering Authority (CNA)
RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script

VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. Connected devices may also be impacted by exploitation of this vulnerability.

Affected Products
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
RSLogix 500®
Default Status
unaffected
Versions
Affected
  • All
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
RSLogix™ Micro Developer and Starter
Default Status
unaffected
Versions
Affected
  • All
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
RSLogix™ 5
Default Status
unaffected
Versions
Affected
  • All
Problem Types
TypeCWE IDDescription
CWECWE-345CWE-345 Insufficient Verification of Data Authenticity
Type: CWE
CWE ID: CWE-345
Description: CWE-345 Insufficient Verification of Data Authenticity
Metrics
VersionBase scoreBase severityVector
4.08.8HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3.17.7HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Version: 4.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-19CAPEC-19 Embedding Scripts within Scripts
CAPEC ID: CAPEC-19
Description: CAPEC-19 Embedding Scripts within Scripts
Solutions
Configurations
Workarounds

Mitigations and Workarounds Users using the affected software are encouraged to apply the following mitigations and security best practices, where possible. ·       Deny the execution feature in FactoryTalk® Administration Console, when not needed, by navigating to “Policies”, selecting ‘”Enable/Disable VBA”, and then checking the “Deny” box to block VBA code execution. ·       Save project files in a Trusted® location where only administrators can modify it and verify file integrity. ·       Utilize the VBA editor protection feature, which locks the VBA code from viewing and editing by setting a password.

Exploits
Credits
reporter
Sharon Brizinov of Claroty Research - Team82
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html
N/A
Hyperlink: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Rockwell Automation, Inc.rockwellautomation
Product
rslogix_500
CPEs
  • cpe:2.3:a:rockwellautomation:rslogix_500:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Rockwell Automation, Inc.rockwellautomation
Product
rslogix_micro_developer
CPEs
  • cpe:2.3:a:rockwellautomation:rslogix_micro_developer:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Rockwell Automation, Inc.rockwellautomation
Product
rslogix_micro_starter
CPEs
  • cpe:2.3:a:rockwellautomation:rslogix_micro_starter:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Rockwell Automation, Inc.rockwellautomation
Product
rslogix_5
CPEs
  • cpe:2.3:a:rockwellautomation:rslogix_5:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT@rockwellautomation.com
Published At:14 Oct, 2024 | 14:15
Updated At:15 Oct, 2024 | 12:57

VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. Connected devices may also be impacted by exploitation of this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.8HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.7HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-345SecondaryPSIRT@rockwellautomation.com
CWE ID: CWE-345
Type: Secondary
Source: PSIRT@rockwellautomation.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.htmlPSIRT@rockwellautomation.com
N/A
Hyperlink: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html
Source: PSIRT@rockwellautomation.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2021-27471
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.7||HIGH
EPSS-0.05% / 15.29%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 19:46
Updated-16 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation Connected Components Workbench Path Traversal

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-connected_components_workbenchConnected Components Workbench
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-2464
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.7||HIGH
EPSS-0.01% / 0.80%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 17:24
Updated-16 Apr, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-isagraf_workbenchISaGRAF Workbench
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Details not found