CVE-2021-27475: 
Rockwell Automation Connected Components Workbench vulnerability analysis and mitigation

CVE-2021-27475 affects Rockwell Automation Connected Components Workbench v12.00.00 and prior versions. The vulnerability is related to deserialization of untrusted data, where the software does not limit the objects that can be deserialized (CISA Advisory, NVD).

The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data). It has been assigned a CVSS v3.1 base score of 8.6 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. The vulnerability requires user interaction to be successfully exploited, and the attack complexity is considered low (CISA Advisory).

Successful exploitation of this vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. The high CVSS score indicates potential severe impacts on confidentiality, integrity, and availability of the system (CISA Advisory).

Rockwell Automation recommends updating to Connected Components Workbench v13.00.00 or later. If upgrading is not possible, several mitigations are recommended: run the software as a User rather than Administrator, avoid opening untrusted .ccwarc files, implement user awareness training for phishing attacks, use Microsoft AppLocker or similar allowlist applications, and follow the least-privilege principle for user accounts (CISA Advisory).