First published: Tue Mar 29 2022
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Connected Components Workbench | <=12.0 | |
Rockwellautomation Isagraf | <=6.6.9 | |
Rockwellautomation Safety Instrumented Systems Workstation | <=1.1 | |
Rockwell Automation Connected Component Workbench: v12.00 and prior |
Rockwell Automation encourages users to update to the available software revisions below:
- Connected Component Workbench: Update to v13.00
- ISaGRAF Workbench: For now, use mitigations listed until a patch is released. More mitigation actions are planned.
- Safety Instrumented Systems Workstation: Update to v1.2
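
One way to screen an untrusted solution file before it is opened in an affected version, as an added example that is not Rockwell Automation's code or one of its listed mitigations. It refuses any file that carries a DTD or entity declaration, on the assumption that legitimate project files do not need one; the function names and sample contents are constructed.

```python
import re

# BOM -> codec. A byte-level search for "<!DOCTYPE" misses UTF-16 encoded files.
_BOMS = ((b"\xef\xbb\xbf", "utf-8"), (b"\xff\xfe", "utf-16-le"), (b"\xfe\xff", "utf-16-be"))
_DOCTYPE = re.compile(r"<!DOCTYPE\s+([^\s\[>]+)")
_ENTITY = re.compile(r"<!ENTITY\s+(%\s+)?([^\s>]+)\s+(SYSTEM|PUBLIC)?")


def decode_xml(raw: bytes) -> str:
    """Decode the file the way an XML parser would pick its encoding."""
    for bom, codec in _BOMS:
        if raw.startswith(bom):
            return raw[len(bom):].decode(codec, errors="replace")
    # No BOM: a NUL byte next to the first '<' indicates UTF-16.
    if raw[:2] == b"<\x00":
        return raw.decode("utf-16-le", errors="replace")
    if raw[:2] == b"\x00<":
        return raw.decode("utf-16-be", errors="replace")
    return raw.decode("utf-8", errors="replace")


def dtd_findings(raw: bytes) -> list[str]:
    """Return reasons to refuse the file; an empty list means no DTD was seen."""
    text = decode_xml(raw)
    findings = [f"doctype:{m.group(1)}" for m in _DOCTYPE.finditer(text)]
    for m in _ENTITY.finditer(text):
        kind = "external" if m.group(3) else "internal"
        if m.group(1):  # '%' marks a parameter entity
            kind += "-parameter"
        findings.append(f"{kind}-entity:{m.group(2)}")
    return findings


# Constructed samples: element names are invented, not the real project format.
CLEAN = b'<?xml version="1.0"?><Solution><Project Name="demo"/></Solution>'
SUSPECT = ('<?xml version="1.0"?><!DOCTYPE Solution [<!ENTITY % ext SYSTEM '
           '"https://example.invalid/x.dtd"> %ext;]><Solution/>').encode("utf-16")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        hits = dtd_findings(blob)
        print(name, "REFUSE" if hits else "ok", hits)
```

The check is fail-closed: a `<!DOCTYPE` string inside a comment or CDATA section is also reported, which is acceptable for files that should never contain one.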