{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T12:36:37.271","vulnerabilities":[{"cve":{"id":"CVE-2022-2465","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2022-08-25T18:15:10.223","lastModified":"2024-11-21T07:01:02.693","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited."},{"lang":"es","value":"Rockwell Automation ISaGRAF Workbench software versiones 6.0 hasta 6.6.9, están afectadas por una vulnerabilidad de Deserialización de Datos No Confiables. ISaGRAF Workbench no limita los objetos que pueden ser deserializados. Esta vulnerabilidad permite a atacantes diseñar un objeto serializado malicioso que, si es abierto por un usuario local en ISaGRAF Workbench, puede resultar en una ejecución de código remoto. Es requerida una interacción del usuario para que la explotación tenga éxito."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:isagraf_workbench:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndIncluding":"6.6.9","matchCriteriaId":"54E95041-485F-48A3-A3C3-AA59F74EF64E"}]}]}],"references":[{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Patch","Third Party Advisory","US Government Resource"]},{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Third Party Advisory","US Government Resource"]}]}}]}