CVE-2022-1018: 
Rockwell Automation Connected Components Workbench vulnerability analysis and mitigation

CVE-2022-1018 is an XML external entity vulnerability affecting Rockwell Automation's ISaGRAF software suite. The vulnerability was discovered and reported by kimiya of Trend Micro's Zero Day Initiative. The issue affects multiple versions of Rockwell Automation software products including Connected Component Workbench (v12.00 and prior), ISaGRAF Workbench (versions prior to v6.6.10), and Safety Instrumented Systems Workstation (v1.1 and prior) (CISA Advisory).

The vulnerability stems from an unsafe call within a dynamic link library file when opening a malicious solution file. It has been assigned a CVSS v3 base score of 5.5 with the vector string (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N), indicating local access, low attack complexity, no privileges required, and user interaction required (CISA Advisory).

Successful exploitation of this vulnerability could allow an attacker to pass local file data to a remote web server, potentially leading to loss of confidentiality. The vulnerability affects multiple critical infrastructure sectors worldwide (CISA Advisory).

Rockwell Automation has released updates to address this vulnerability: Connected Component Workbench should be updated to v13.00, ISaGRAF Workbench to v6.6.10, and Safety Instrumented Systems Workstation to v1.2. If updates are not possible, users should run Connected Components Workbench as a User rather than Administrator, avoid opening untrusted files, implement training programs for phishing awareness, use Microsoft AppLocker, and follow the least-privilege principle (CISA Advisory).