Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

对搜索路径元素未加控制

ISaGRAF 代码问题漏洞

Rockwell Automation ISaGRAF是美国罗克韦尔（Rockwell Automation）公司的一种用于创建集成自动化解决方案的自动化软件技术。它设计为可扩展和便携，适合开发小型控制器和大型分布式自动化系统。 ISaGRAF 存在代码问题漏洞，该漏洞源于不受控制地加载动态库可能会让本地未经身份验证的攻击者执行任意代码。

N/A

N/A