CVE-2022-1018
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rockwell Automation | Connected Component Workbench | All < 12 | affected |
| Rockwell Automation | ISaGRAF | All < 6.6.9 | affected |
| Rockwell Automation | Safety Instrumented Systems Workstation | All < 1.1 | affected |
Weaknesses
- CWE-611: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Workarounds
If an upgrade is not possible or available, users should apply the following mitigations:
Run Connected Components Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system. Do not open untrusted files with Connected Component Workbench, ISaGRAF, SISW. Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack. Use Microsoft AppLocker or other similar allow list application to help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at KnowledgeBase Article QA17329 Ensure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.