CVE-2022-1018: ICSA-22-088-01 Rockwell Automation ISaGRAF

First published: Tue Mar 29 2022(Updated: )

When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.

Credit: ics-cert@hq.dhs.gov

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/type
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/remedy
• agent/author
• agent/weakness
• agent/title
• agent/description
• agent/first-publish-date
• agent/severity
• agent/references
• agent/softwarecombine
• agent/tags
• agent/event
• collector/ics-cert-advisory
• source/ICS
• agent/software-canonical-lookup
• vendor/rockwellautomation
• canonical/rockwellautomation connected components workbench
• version/rockwellautomation connected components workbench/12.0
• canonical/rockwellautomation isagraf
• version/rockwellautomation isagraf/6.6.9
• canonical/rockwellautomation safety instrumented systems workstation
• version/rockwellautomation safety instrumented systems workstation/1.1
• vendor/rockwell automation
• canonical/rockwell automation connected component workbench: v12.00 and prior