CVE-2021-22665

EUVD-2021-9801
Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
rockwellautomationdrivetools_add-on_profiles
𝑥
≤ 4.12
rockwellautomationdrivetools_sp
𝑥
≤ 5.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129798
https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129798
https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02