CVE-2022-1018 (GCVE-0-2022-1018)

Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2025-04-16 16:32
VLAI?
Summary
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
Impacted products
Vendor Product Version
Rockwell Automation Connected Component Workbench Affected: All , < 12 (custom)
Create a notification for this product.
Credits
kimiya of Trend Micro’s Zero Day Initiative reported this vulnerability to CISA.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:42.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:59.168246Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:32:28.157Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Connected Component Workbench",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThan": "12",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ISaGRAF",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThan": "6.6.9",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safety Instrumented Systems Workstation",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThan": "1.1",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "kimiya of Trend Micro\u2019s Zero Day Initiative reported this vulnerability to CISA."
        }
      ],
      "datePublic": "2022-03-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-01T22:17:24.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Rockwell Automation encourages users to update to the available software revisions below:\n\nConnected Component Workbench: Update to v13.00\nISaGRAF Workbench: For now, use mitigations listed until a patch is released. More mitigation actions are planned.\nSafety Instrumented Systems Workstation: Update to v1.2"
        }
      ],
      "source": {
        "advisory": "ICSA-22-088-01",
        "discovery": "EXTERNAL"
      },
      "title": "ICSA-22-088-01 Rockwell Automation ISaGRAF",
      "workarounds": [
        {
          "lang": "en",
          "value": "If an upgrade is not possible or available, users should apply the following mitigations:\n\nRun Connected Components Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system.\nDo not open untrusted files with Connected Component Workbench, ISaGRAF, SISW. Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.\nUse Microsoft AppLocker or other similar allow list application to help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at KnowledgeBase Article QA17329\nEnsure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-03-29T17:00:00.000Z",
          "ID": "CVE-2022-1018",
          "STATE": "PUBLIC",
          "TITLE": "ICSA-22-088-01 Rockwell Automation ISaGRAF"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Connected Component Workbench",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "12"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ISaGRAF",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "6.6.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Safety Instrumented Systems Workstation",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rockwell Automation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "kimiya of Trend Micro\u2019s Zero Day Initiative reported this vulnerability to CISA."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Rockwell Automation encourages users to update to the available software revisions below:\n\nConnected Component Workbench: Update to v13.00\nISaGRAF Workbench: For now, use mitigations listed until a patch is released. More mitigation actions are planned.\nSafety Instrumented Systems Workstation: Update to v1.2"
          }
        ],
        "source": {
          "advisory": "ICSA-22-088-01",
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "If an upgrade is not possible or available, users should apply the following mitigations:\n\nRun Connected Components Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system.\nDo not open untrusted files with Connected Component Workbench, ISaGRAF, SISW. Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.\nUse Microsoft AppLocker or other similar allow list application to help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at KnowledgeBase Article QA17329\nEnsure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1018",
    "datePublished": "2022-04-01T22:17:24.599Z",
    "dateReserved": "2022-03-17T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:32:28.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:connected_components_workbench:*:*:*:*:-:*:*:*\", \"versionEndIncluding\": \"12.0\", \"matchCriteriaId\": \"06DE97E4-74B3-4CC2-99C4-7EB0E38D5F34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:isagraf:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.6.9\", \"matchCriteriaId\": \"6B871240-C4D4-478D-9A6A-378A082B5365\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:safety_instrumented_systems_workstation:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.1\", \"matchCriteriaId\": \"C576D1B7-D890-4172-9500-E8FFF3366E4B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.\"}, {\"lang\": \"es\", \"value\": \"Cuando es abierto un archivo de soluci\\u00f3n malicioso proporcionado por un atacante, la aplicaci\\u00f3n sufre una vulnerabilidad de tipo XML external entity debido a una llamada no segura dentro de un archivo de biblioteca de enlace din\\u00e1mico. Un atacante podr\\u00eda aprovechar esto para pasar datos de archivos locales a un servidor web remoto, conllevando a una p\\u00e9rdida de confidencialidad\"}]",
      "id": "CVE-2022-1018",
      "lastModified": "2024-11-21T06:39:52.100",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-04-01T23:15:12.177",
      "references": "[{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Mitigation\", \"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-1018\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-04-01T23:15:12.177\",\"lastModified\":\"2024-11-21T06:39:52.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.\"},{\"lang\":\"es\",\"value\":\"Cuando es abierto un archivo de soluci\u00f3n malicioso proporcionado por un atacante, la aplicaci\u00f3n sufre una vulnerabilidad de tipo XML external entity debido a una llamada no segura dentro de un archivo de biblioteca de enlace din\u00e1mico. Un atacante podr\u00eda aprovechar esto para pasar datos de archivos locales a un servidor web remoto, conllevando a una p\u00e9rdida de confidencialidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:connected_components_workbench:*:*:*:*:-:*:*:*\",\"versionEndIncluding\":\"12.0\",\"matchCriteriaId\":\"06DE97E4-74B3-4CC2-99C4-7EB0E38D5F34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:isagraf:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.6.9\",\"matchCriteriaId\":\"6B871240-C4D4-478D-9A6A-378A082B5365\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:safety_instrumented_systems_workstation:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1\",\"matchCriteriaId\":\"C576D1B7-D890-4172-9500-E8FFF3366E4B\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Connected Component Workbench\", \"vendor\": \"Rockwell Automation\", \"versions\": [{\"lessThan\": \"12\", \"status\": \"affected\", \"version\": \"All\", \"versionType\": \"custom\"}]}, {\"product\": \"ISaGRAF\", \"vendor\": \"Rockwell Automation\", \"versions\": [{\"lessThan\": \"6.6.9\", \"status\": \"affected\", \"version\": \"All\", \"versionType\": \"custom\"}]}, {\"product\": \"Safety Instrumented Systems Workstation\", \"vendor\": \"Rockwell Automation\", \"versions\": [{\"lessThan\": \"1.1\", \"status\": \"affected\", \"version\": \"All\", \"versionType\": \"custom\"}]}], \"credits\": [{\"lang\": \"en\", \"value\": \"kimiya of Trend Micro\\u2019s Zero Day Initiative reported this vulnerability to CISA.\"}], \"datePublic\": \"2022-03-29T00:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"NONE\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"version\": \"3.1\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-611\", \"description\": \"CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2022-04-01T22:17:24.000Z\", \"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\"}, \"references\": [{\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Rockwell Automation encourages users to update to the available software revisions below:\\n\\nConnected Component Workbench: Update to v13.00\\nISaGRAF Workbench: For now, use mitigations listed until a patch is released. More mitigation actions are planned.\\nSafety Instrumented Systems Workstation: Update to v1.2\"}], \"source\": {\"advisory\": \"ICSA-22-088-01\", \"discovery\": \"EXTERNAL\"}, \"title\": \"ICSA-22-088-01 Rockwell Automation ISaGRAF\", \"workarounds\": [{\"lang\": \"en\", \"value\": \"If an upgrade is not possible or available, users should apply the following mitigations:\\n\\nRun Connected Components Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system.\\nDo not open untrusted files with Connected Component Workbench, ISaGRAF, SISW. Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.\\nUse Microsoft AppLocker or other similar allow list application to help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at KnowledgeBase Article QA17329\\nEnsure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"ics-cert@hq.dhs.gov\", \"DATE_PUBLIC\": \"2022-03-29T17:00:00.000Z\", \"ID\": \"CVE-2022-1018\", \"STATE\": \"PUBLIC\", \"TITLE\": \"ICSA-22-088-01 Rockwell Automation ISaGRAF\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Connected Component Workbench\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_name\": \"All\", \"version_value\": \"12\"}]}}, {\"product_name\": \"ISaGRAF\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_name\": \"All\", \"version_value\": \"6.6.9\"}]}}, {\"product_name\": \"Safety Instrumented Systems Workstation\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_name\": \"All\", \"version_value\": \"1.1\"}]}}]}, \"vendor_name\": \"Rockwell Automation\"}]}}, \"credit\": [{\"lang\": \"eng\", \"value\": \"kimiya of Trend Micro\\u2019s Zero Day Initiative reported this vulnerability to CISA.\"}], \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.\"}]}, \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"impact\": {\"cvss\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"NONE\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"version\": \"3.1\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01\", \"refsource\": \"MISC\", \"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01\"}]}, \"solution\": [{\"lang\": \"en\", \"value\": \"Rockwell Automation encourages users to update to the available software revisions below:\\n\\nConnected Component Workbench: Update to v13.00\\nISaGRAF Workbench: For now, use mitigations listed until a patch is released. More mitigation actions are planned.\\nSafety Instrumented Systems Workstation: Update to v1.2\"}], \"source\": {\"advisory\": \"ICSA-22-088-01\", \"discovery\": \"EXTERNAL\"}, \"work_around\": [{\"lang\": \"en\", \"value\": \"If an upgrade is not possible or available, users should apply the following mitigations:\\n\\nRun Connected Components Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system.\\nDo not open untrusted files with Connected Component Workbench, ISaGRAF, SISW. Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.\\nUse Microsoft AppLocker or other similar allow list application to help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at KnowledgeBase Article QA17329\\nEnsure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\"}]}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T23:47:42.899Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-1018\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T15:54:59.168246Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T15:55:01.616Z\"}}]}",
      "cveMetadata": "{\"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"assignerShortName\": \"icscert\", \"cveId\": \"CVE-2022-1018\", \"datePublished\": \"2022-04-01T22:17:24.599Z\", \"dateReserved\": \"2022-03-17T00:00:00.000Z\", \"dateUpdated\": \"2025-04-16T16:32:28.157Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.