CVE-2021-27475

HIGH Year: 2021
CVSS v3 Score
8.6
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-502
View all →

Vulnerability Description

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.

Related Vulnerabilities

CVE-2021-21349

HIGH
CVSS:8.6(High)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resourc...

CWE-5022021

CVE-2021-21371

HIGH
CVSS:8.6(High)

Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pyp...

CWE-5022021

CVE-2025-1403

HIGH
CVSS:8.6(High)

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a ...

CWE-5022025

CVE-2021-39150

HIGH
CVSS:8.5(High)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...

CWE-5022021

CVE-2021-39152

HIGH
CVSS:8.5(High)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...

CWE-5022021

CVE-2024-24842

HIGH
CVSS:8.7(High)

Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: ...

CWE-5022024