
CVE-2022-1018 : Security Advisory and Response

Learn about CVE-2022-1018, a vulnerability in Rockwell Automation software including Connected Component Workbench, ISaGRAF, and Safety Instrumented Systems Workstation, enabling data exfiltration and loss of confidentiality.

This article provides an overview of CVE-2022-1018, a vulnerability in Rockwell Automation products that could allow an attacker to compromise confidentiality by exploiting an XML external entity flaw.

Understanding CVE-2022-1018

CVE-2022-1018 is a security vulnerability discovered in Rockwell Automation software, including Connected Component Workbench, ISaGRAF, and Safety Instrumented Systems Workstation. The vulnerability arises from an unsafe call within a dynamic link library file when processing a malicious solution file.

What is CVE-2022-1018?

The vulnerability in Rockwell Automation products arises when opening a malicious solution file provided by an attacker. It is caused by an XML external entity flaw, enabling the attacker to pass data from local files to a remote web server, potentially leading to a loss of confidentiality.

The Impact of CVE-2022-1018

With a CVSS base score of 5.5 (Medium severity), the vulnerability's confidentiality impact is high: data from local files can be disclosed to a remote server. An attacker could exploit this flaw by supplying crafted XML entity declarations in a solution file, compromising the confidentiality of data on the system.

Technical Details of CVE-2022-1018

The vulnerability is classified under CWE-611 (Improper Restriction of XML External Entity Reference). Rockwell Automation products, including Connected Component Workbench (up to version 12), ISaGRAF (up to version 6.6.9), and Safety Instrumented Systems Workstation (up to version 1.1) are affected.

Vulnerability Description

The vulnerability stems from an XML external entity flaw caused by an unsafe call within a dynamic link library file when processing a malicious solution file.

Affected Systems and Versions

Rockwell Automation products affected include Connected Component Workbench (up to version 12), ISaGRAF (up to version 6.6.9), and Safety Instrumented Systems Workstation (up to version 1.1).

Exploitation Mechanism

Attackers can exploit the vulnerability by enticing users to open a malicious solution file that triggers the unsafe XML external entity call, facilitating data exfiltration.
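A defender-side check for the file-based trigger described above, added here as an example (not Rockwell Automation code): it inspects an XML solution file for the DTD constructs that CWE-611 depends on (external DTD references, external general entities, parameter entities) so the file can be quarantined before an affected application opens it. Element names, paths and host names in the sample are placeholders.

```python
"""Pre-open checker for XML solution files: flags the DTD constructs that
make XXE (CWE-611) possible so a file can be quarantined before an
affected workstation application parses it. Added example, not Rockwell
Automation code; element names, paths and hosts are placeholders."""
import xml.parsers.expat


def find_xxe_indicators(xml_bytes: bytes) -> list:
    """Return one finding per DOCTYPE, external entity or parameter entity.
    Expat resolves no external entity unless a handler is installed, so
    scanning a hostile file fetches nothing from disk or the network."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if sysid or pubid:
            findings.append(f"DOCTYPE {name} loads external DTD {sysid or pubid}")
        if has_internal_subset:
            findings.append(f"DOCTYPE {name} declares an internal DTD subset")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        kind = "parameter entity" if is_param else "entity"
        if sysid or pubid:  # only entities that point outside the document
            findings.append(f"external {kind} '{name}' -> {sysid or pubid}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"malformed XML, parser stopped: {exc}")
    return findings


def is_safe_to_open(xml_bytes: bytes) -> bool:
    """True only when the document carries no DTD constructs at all."""
    return not find_xxe_indicators(xml_bytes)


# Constructed sample: a solution-like file carrying the two declarations an
# XXE payload relies on (local file entity, remote parameter entity).
SUSPECT_SOLUTION = b"""<?xml version="1.0"?>
<!DOCTYPE Solution [
  <!ENTITY local SYSTEM "file:///C:/placeholder/local-file.txt">
  <!ENTITY % remote SYSTEM "http://dtd-host.invalid/placeholder.dtd">
]>
<Solution name="demo"><Project id="1"/></Solution>
"""
CLEAN_SOLUTION = b'<?xml version="1.0"?><Solution name="demo"><Project id="1"/></Solution>'
```

Running `find_xxe_indicators(SUSPECT_SOLUTION)` reports the internal subset plus both external declarations, while the clean file yields no findings.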

Mitigation and Prevention

Users are advised to apply the following steps to mitigate the risk posed by CVE-2022-1018:

Immediate Steps to Take

        Update Connected Component Workbench to version 13.00
        Apply available mitigations for ISaGRAF until a patch is released
        Update Safety Instrumented Systems Workstation to version 1.2

Long-Term Security Practices

        Run Rockwell Automation products under least-privilege user accounts
        Avoid opening untrusted files within the affected applications
        Implement user training on identifying phishing attacks
        Utilize application control mechanisms like Microsoft AppLocker

Patching and Updates

Ensure timely application of security patches and updates released by Rockwell Automation to address CVE-2022-1018.
