Vulnerability Description
Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Drivetools Add-On Profiles | <= 4.12 |
| Rockwellautomation | Drivetools Sp | <= 5.13 |
Related Weaknesses (CWE)
References
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129798Permissions RequiredVendor Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02Third Party AdvisoryUS Government Resource
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129798Permissions RequiredVendor Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-22665?
CVE-2021-22665 is a vulnerability with a CVSS score of 7.8 (HIGH). Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privileg...
How severe is CVE-2021-22665?
CVE-2021-22665 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22665?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Drivetools Add-On Profiles, Rockwellautomation Drivetools Sp.