Login Sign Up

CVE-2021-27471

7.7 HIGH
Path Traversal

📋 TL;DR

This vulnerability allows attackers to craft malicious files that exploit path traversal when opened in Rockwell Automation Connected Components Workbench v12.00.00 and prior. Successful exploitation could allow file system traversal, file overwriting, and creation of new files with the software's permissions. Users of affected versions who open untrusted files are at risk.

💻 Affected Systems

Products:
  • Rockwell Automation Connected Components Workbench
Versions: v12.00.00 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installations when processing certain file types without input sanitization.

📦 What is this software?

Connected Components Workbench by Rockwellautomation

View all CVEs affecting Connected Components Workbench →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could overwrite critical system files, install malware, or compromise the entire system by exploiting the software's permissions.

🟠

Likely Case

Local file manipulation, data corruption, or limited malware installation through crafted files opened by users.

🟢

If Mitigated

Limited impact with proper user training, file validation, and restricted permissions on the software.

🌐 Internet-Facing: LOW - Exploit requires user interaction to open malicious files, not directly network-exploitable.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via phishing or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file) and crafting specific file types.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v12.00.01 or later

Vendor Advisory: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435

Restart Required: Yes

Instructions:

1. Download the latest version from Rockwell Automation's website. 2. Uninstall the vulnerable version. 3. Install the patched version. 4. Restart the system.

🔧 Temporary Workarounds

Restrict file opening

all

Only open trusted files from verified sources in Connected Components Workbench.

Run with limited permissions

windows

Run the software with reduced user privileges to limit file system access.

🧯 If You Can't Patch

  • Implement strict user training to avoid opening untrusted files.
  • Use application whitelisting to restrict execution of unauthorized files.

🔍 How to Verify

Check if Vulnerable:

Check the software version in Help > About Connected Components Workbench.

Check Version:

In Connected Components Workbench, navigate to Help > About.

Verify Fix Applied:

Verify the installed version is v12.00.01 or later.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file creation or modification events in system logs
  • Application crashes or errors when opening files

Network Indicators:

  • No direct network indicators; exploit is file-based

SIEM Query:

Search for file creation/modification events in paths outside expected directories by the Connected Components Workbench process.

📊 Metadata

CVE ID: CVE-2021-27471
CVSS v3 Score: 7.7 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE: CWE-22
Published: March 23, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-27471, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)