Pega Robotic Automation and Pega Browser Extension Arbitrary File-Write Vulnerability

Vulnerability

An arbitrary file-write vulnerability has been identified in Pega Robotic Automation versions 22.1 and R25, specifically for users running automations in Google Chrome or Microsoft Edge. This vulnerability allows a bad actor to create a malicious website that, when visited by a Robot Runtime user, could execute harmful code targeting the Pega Browser Extension.

Impact

Exploitation of this vulnerability could lead to unauthorized file writing, potentially allowing for the execution of malicious code or manipulation of files within the user's environment.

Remediation

Users are advised to update to Pega Browser Extension version 3.1.45 or later. For those using Pega Robotic Automation version 22.1, only the Pega Browser Extension update is necessary. Users on version R25 should update both Robot Studio and Robot Runtime to version 25.1.13.
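The remediation rules above can be checked across a fleet with a small script. This is an added example, not Pega's code: the inventory record layout and host names are assumptions, and treating anything at or above 25.1.13 as fixed is also an assumption (the advisory names only 25.1.13). Versions are compared numerically because a plain string comparison would rank 3.1.9 above 3.1.45.

```python
# Added example. Thresholds are the advisory's; the inventory layout is assumed.
FIXED_EXTENSION = (3, 1, 45)   # Pega Browser Extension 3.1.45 or later
FIXED_R25 = (25, 1, 13)        # Robot Studio / Robot Runtime on R25


def parse_version(text):
    """Turn '3.1.45' into (3, 1, 45) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def at_least(version, minimum):
    """True if dotted `version` >= `minimum`; short versions are zero-padded."""
    v = parse_version(version)
    width = max(len(v), len(minimum))
    return v + (0,) * (width - len(v)) >= minimum + (0,) * (width - len(minimum))


def required_updates(record):
    """List the components on one host that are still below the fixed version."""
    todo = []
    ext = record.get("extension")  # absent means the extension is not installed
    if ext is not None and not at_least(ext, FIXED_EXTENSION):
        todo.append(f"extension {ext} -> 3.1.45 or later")
    if record["line"] == "R25":    # 22.1 needs only the extension update
        for component in ("studio", "runtime"):
            installed = record.get(component)
            if installed is not None and not at_least(installed, FIXED_R25):
                todo.append(f"{component} {installed} -> 25.1.13")
    return todo


# Constructed inventory; host names and versions are made up for illustration.
INVENTORY = [
    {"host": "rpa-01", "line": "22.1", "extension": "3.1.9"},
    {"host": "rpa-02", "line": "22.1", "extension": "3.1.45"},
    {"host": "rpa-03", "line": "R25", "extension": "3.1.46",
     "studio": "25.1.2", "runtime": "25.1.13"},
    {"host": "rpa-04", "line": "R25", "extension": "3.1.44", "runtime": "25.1.12"},
]

if __name__ == "__main__":
    for rec in INVENTORY:
        print(rec["host"], required_updates(rec) or "up to date")
```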

Added: Apr 7, 2026, 5:03 PM
Updated: Apr 7, 2026, 5:03 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.0
remediation: 0.0
relevance: 5.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.