CVE-2026-9108
Awaiting Analysis Awaiting Analysis - Queue

Path Traversal in Studio 5000 Logix Designer

Vulnerability report for CVE-2026-9108, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Rockwell Automation

Description

A path traversal security issue exists within Studio 5000 Logix Designer® due to improper limitation of file paths within ACD project files. The software does not sanitize or validate file names embedded in the ACD file structure during the project opening procedure, allowing path traversal sequences to escape the intended extraction directory. If exploited, an attacker could craft a malicious ACD project file that results in arbitrary files being written to attacker-controlled locations on the file system, potentially leading to code execution.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 11 associated CPEs
Vendor Product Version / Range
rockwell_automation studio_5000_logix_designer 32.00
rockwell_automation studio_5000_logix_designer 33.00
rockwell_automation studio_5000_logix_designer to 34.03 (inc)
rockwell_automation studio_5000_logix_designer 35.00
rockwell_automation studio_5000_logix_designer 35.01
rockwell_automation studio_5000_logix_designer 36.00
rockwell_automation studio_5000_logix_designer From 37.00.36.01 (inc)
rockwell_automation studio_5000_logix_designer 35.02
rockwell_automation studio_5000_logix_designer 34.04
rockwell_automation studio_5000_logix_designer 33.04
rockwell_automation studio_5000_logix_designer 32.05

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-9108 is a path traversal vulnerability in Rockwell Automation's Studio 5000 Logix Designer software. The issue occurs because the software does not properly validate or sanitize file paths embedded within ACD project files during the project opening process.

An attacker can exploit this flaw by crafting a malicious ACD project file containing path traversal sequences (e.g., '../'). When the victim opens this file, the software may write arbitrary files to unintended locations on the system, outside the intended extraction directory. This could potentially lead to arbitrary code execution on the affected system.

  • The vulnerability is classified under CWE-22: Improper Limitation of a Pathname to a Restricted Directory.
  • It affects multiple versions of Studio 5000 Logix Designer, including V36.00, 35.00, 35.01, 34.00-34.03, 33.00-33.03, and 32.00-32.04.
  • The issue has been fixed in versions V37.00.36.01, 35.02, 34.04, 33.04, and 32.05.
Impact Analysis

If you use an affected version of Studio 5000 Logix Designer, this vulnerability could have several serious impacts:

  • Arbitrary file writes: An attacker could place malicious files in sensitive locations on your system, such as startup folders or system directories.
  • Code execution: The ability to write files to arbitrary locations could allow an attacker to execute malicious code on your system, potentially taking full control of it.
  • Data compromise: Sensitive files on your system could be overwritten, corrupted, or exfiltrated.
  • System instability: The vulnerability could be used to disrupt normal system operations, leading to crashes or unexpected behavior.

To exploit this vulnerability, an attacker would need to trick you into opening a specially crafted ACD project file. This could happen through phishing emails, malicious downloads, or other social engineering tactics.

Compliance Impact

This vulnerability could impact compliance with several common standards and regulations, depending on the context in which the affected software is used:

  • GDPR (General Data Protection Regulation): If the affected system processes or stores personal data of EU citizens, this vulnerability could lead to unauthorized access or disclosure of that data, violating GDPR's data protection requirements. This could result in significant fines and reputational damage.
  • HIPAA (Health Insurance Portability and Accountability Act): In healthcare environments, if the affected system handles protected health information (PHI), this vulnerability could lead to unauthorized access or modification of PHI, violating HIPAA's security and privacy rules.
  • NIST Cybersecurity Framework: The vulnerability represents a failure to protect against common attack vectors (PR.PT-3) and could lead to unauthorized system access (PR.AC-1), impacting multiple core functions of the framework.
  • ISO 27001: The vulnerability could be seen as a failure to implement proper access controls (A.9) and system acquisition, development, and maintenance (A.14), potentially leading to non-compliance with the standard.
  • Industrial control system (ICS) standards: For organizations subject to ICS-specific regulations (e.g., NERC CIP, IEC 62443), this vulnerability could represent a failure to maintain system integrity and could lead to operational disruptions.

The exact impact on compliance will depend on how the affected software is used within your organization and what data or systems it interacts with. However, the potential for arbitrary code execution and data compromise generally represents a significant risk to most compliance frameworks.

Detection Guidance

Detecting this vulnerability on your network or system involves checking for the presence of vulnerable versions of Studio 5000 Logix Designer and inspecting ACD project files for suspicious path traversal sequences.

  • Identify installed versions of Studio 5000 Logix Designer. The vulnerable versions include V36.00, 35.00, 35.01, 34.00-34.03, 33.00-33.03, and 32.00-32.04. Compare these with the patched versions (V37.00.36.01, 35.02, 34.04, 33.04, and 32.05).
  • Inspect ACD project files for signs of path traversal sequences (e.g., '../' or '..\') in file names or embedded paths. This can be done manually or via automated tools that scan for malicious file structures.
  • Monitor file system activity for unexpected file writes outside the intended project directory when opening ACD files. Tools like Process Monitor (Windows) or auditd (Linux) can help track file operations.

No specific commands are provided in the context, but you can use system utilities to check software versions and file integrity. For example, on Windows, you might use:

  • wmic product where "name like 'Studio 5000 Logix Designer%'" get name,version to list installed versions.
  • Use file analysis tools or scripts to scan ACD files for path traversal patterns.
Mitigation Strategies

To mitigate this vulnerability, follow these immediate steps:

  • Upgrade Studio 5000 Logix Designer to a patched version. The fixed versions are V37.00.36.01, 35.02, 34.04, 33.04, and 32.05. Download updates from Rockwell Automation's official website.
  • Avoid opening ACD project files from untrusted or unknown sources. Only use files from trusted and verified origins.
  • Implement network and endpoint security measures to restrict access to systems running vulnerable versions of the software. Use firewalls, application whitelisting, and least-privilege access controls.
  • Monitor systems for unusual file write operations or unexpected changes to critical directories. Enable logging and alerting for suspicious activity.
  • If upgrading is not immediately possible, apply compensating controls such as isolating affected systems from untrusted networks and restricting user permissions to limit the impact of potential exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9108. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart