Vulnerability-Lookup

CNVD-2026-14653

Vulnerability from cnvd - Published: 2026-03-24

Title

Rockwell Automation Studio 5000 Logix Designer代码问题漏洞

Description

Rockwell Automation Studio 5000 Logix Designer是美国罗克韦尔（Rockwell Automation）公司的一个基于Windows的应用程序。用于为PLC构建程序。 Rockwell Automation Studio 5000 Logix Designer存在代码问题漏洞，该漏洞源于FactoryTalk Activation Service中未加引号的服务路径，攻击者可利用该漏洞导致本地用户执行代码并提升权限。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.rockwellautomation.com/en_NA/overview.page

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-25276

Impacted products

Name
Rockwell Automation Studio 5000 Logix Designer 30.01.00

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-25276",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-25276"
    }
  },
  "description": "Rockwell Automation Studio 5000 Logix Designer\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u57fa\u4e8eWindows\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u7528\u4e8e\u4e3aPLC\u6784\u5efa\u7a0b\u5e8f\u3002\n\nRockwell Automation Studio 5000 Logix Designer\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eFactoryTalk Activation Service\u4e2d\u672a\u52a0\u5f15\u53f7\u7684\u670d\u52a1\u8def\u5f84\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672c\u5730\u7528\u6237\u6267\u884c\u4ee3\u7801\u5e76\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.rockwellautomation.com/en_NA/overview.page",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-14653",
  "openTime": "2026-03-24",
  "products": {
    "product": "Rockwell Automation Studio 5000 Logix Designer 30.01.00"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-25276",
  "serverity": "\u4e2d",
  "submitTime": "2026-02-11",
  "title": "Rockwell Automation Studio 5000 Logix Designer\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2019-25276 (GCVE-0-2019-25276)

Vulnerability from cvelistv5 – Published: 2026-02-04 23:15 – Updated: 2026-02-05 17:24

Title

Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path

Summary

Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\ to inject malicious code that would execute with LocalSystem permissions.

Severity ?

8.5 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-428 - Unquoted Search Path or Element

Assigner

VulnCheck

References

URL

Tags

	https://www.exploit-db.com/exploits/47676	exploit
	https://www.rockwellautomation.com/en_NA/overview.page	product
	https://www.vulncheck.com/advisories/studio-logix…	third-party-advisory

Impacted products

	Vendor	Product	Version
	Rockwellautomation	Studio	Affected: 5000

Date Public ?

2019-11-18 00:00

Credits

Luis Martinez

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25276",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T17:24:42.525254Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T17:24:48.227Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Studio",
          "vendor": "Rockwellautomation",
          "versions": [
            {
              "status": "affected",
              "version": "5000"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Luis Martinez"
        }
      ],
      "datePublic": "2019-11-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\\Program Files (x86)\\Rockwell Software\\FactoryTalk Activation\\ to inject malicious code that would execute with LocalSystem permissions."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T23:15:52.435Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-47676",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/47676"
        },
        {
          "name": "Rockwell Automation Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.rockwellautomation.com/en_NA/overview.page"
        },
        {
          "name": "VulnCheck Advisory: Studio 5000 Logix Designer 30.01.00 - \u0027FactoryTalk Activation Service\u0027 Unquoted Service Path",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/studio-logix-designer-factorytalk-activation-service-unquoted-service-path"
        }
      ],
      "title": "Studio 5000 Logix Designer 30.01.00 - \u0027FactoryTalk Activation Service\u0027 Unquoted Service Path",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2019-25276",
    "datePublished": "2026-02-04T23:15:52.435Z",
    "dateReserved": "2026-01-06T16:07:08.526Z",
    "dateUpdated": "2026-02-05T17:24:48.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-14653

CVE-2019-25276 (GCVE-0-2019-25276)

Tags

Sightings

Nomenclature