CVE-2021-22665

Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
rockwellautomationdrivetools_add-on_profiles
𝑥
≤ 4.12
rockwellautomationdrivetools_sp
𝑥
≤ 5.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129798
https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129798
https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02