CVE Vulnerability

CVE-2021-22665

Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129798 Permissions Required Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02 Third Party Advisory US Government Resource
Configurations

Configuration 1

cpe:2.3:a:rockwellautomation:drivetools_sp:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:drivetools_add-on_profiles:*:*:*:*:*:*:*:*
Information

Published : 2021-03-18 06:15

Updated : 2021-03-25 06:43

NVD link : CVE-2021-22665

Mitre link : CVE-2021-22665

Products Affected
No products.
CWE
CWE-427