CVE-2025-11697
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-11
Assigner: Rockwell Automation
Description
Description
A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockwellautomation | studio_5000_simulation_interface | 4.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local code execution issue in Studio 5000® Simulation Interface™ via its API. It allows any Windows user on the system to use path traversal sequences to extract files, which leads to execution of scripts with Administrator privileges when the system reboots.
How can this vulnerability impact me? :
An attacker with local access can exploit this vulnerability to execute scripts with Administrator privileges on system reboot, potentially leading to full system compromise, unauthorized access, and control over the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70