CVE-2021-27473: 
Rockwell Automation Connected Components Workbench vulnerability analysis and mitigation

Connected Components Workbench v12.00.00 and prior contains an improper input validation vulnerability (CVE-2021-27473) that does not sanitize paths specified within the .ccwarc archive file during extraction, commonly known as a Zip Slip vulnerability. This vulnerability was discovered and reported by Mashav Sapir of Claroty to Rockwell Automation (CISA Advisory).

The vulnerability stems from improper input validation where the software fails to sanitize paths specified within the .ccwarc archive file during extraction. The vulnerability has been assigned a CVSS v3 base score of 6.1 with the vector string (AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating local access required with low attack complexity (CISA Advisory).

If successfully exploited, this vulnerability allows a local, authenticated attacker to gain the privileges of the software through a malicious .ccwarc archive file. If the software is running at SYSTEM level, the attacker can gain admin level privileges. The vulnerability requires user interaction to be successfully exploited (CISA Advisory).

Rockwell Automation recommends updating to Connected Components Workbench v13.00.00 or later. If upgrading is not possible, users should: run the software as a User rather than Administrator, avoid opening untrusted .ccwarc files, implement training programs for phishing awareness, use Microsoft AppLocker or similar allowlist applications, and follow the least-privilege principle for user accounts (CISA Advisory).