Rockwell Automation Connected Components Workbench ActiveX Component Vulnerabilities
Low Risk · ICS-CERT ICSA-14-294-01 · Jul 24, 2014
Summary
Rockwell Automation Connected Components Workbench (CCW) versions 6.01.00 and earlier contain vulnerabilities in an ActiveX component that could allow arbitrary code execution. The vulnerability is triggered when the component is instantiated in a web browser or via a file with an embedded ActiveX control. No patch is available from the vendor.
What this means
What could happen
An attacker with access to a user's engineering workstation could execute arbitrary code through the CCW ActiveX component, potentially allowing them to modify PLC logic, process parameters, or alarms without authorization.
Who's at risk
Engineering teams using Rockwell Automation Connected Components Workbench (CCW) on workstations for PLC programming and configuration. This affects any organization running manufacturing, water treatment, power generation, or other critical infrastructure that relies on Rockwell PLCs and uses CCW for system engineering.
How it could be exploited
An attacker would need to trick an engineer into visiting a malicious website or opening a specially crafted file on the engineering workstation running CCW. The browser or application would load the vulnerable ActiveX component and execute attacker-supplied code in the context of the logged-in user.
Prerequisites
- Engineering workstation with Rockwell Automation CCW version 6.01.00 or earlier installed
- The user must visit an attacker-controlled website or open a malicious file delivered via a web page or email
- ActiveX controls must be enabled in browser (default in Internet Explorer)
- No vendor patch available (end-of-life product)
- Requires user interaction (social engineering)
- Engineering workstation compromise could lead to unauthorized PLC changes
- Affects the system engineering environment
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product                  | Affected Versions | Fix Status
Rockwell Automation CCW  | ≤ 6.01.00         | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Disable ActiveX controls in web browsers used on engineering workstations, or restrict them to trusted sites only
WORKAROUND: Require use of modern browsers (Chrome, Firefox, Edge) instead of Internet Explorer on engineering workstations, as they do not support ActiveX
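The first workaround above is ordinarily carried out through Internet Explorer's per-zone security settings, which live in the registry. The following PowerShell script is an added example and is not part of the advisory or of any Rockwell Automation tooling: it audits the four ActiveX-related URL actions for the logged-on user, enforces "Disable" (value 3) in the Local intranet, Internet and Restricted sites zones while leaving Trusted sites alone, and can additionally set the kill bit for a named control. The action IDs, zone numbers and the 0x400 kill-bit flag are documented Internet Explorer values; the CLSID shown in the usage line is a placeholder, because this page does not publish the CCW control's CLSID.

```powershell
# Added example (not from the advisory): audit and harden Internet Explorer's ActiveX
# zone settings for the current user, and optionally kill-bit a specific control.
# $KillBitClsid in the usage line is a PLACEHOLDER; the advisory does not list the CLSID.

# IE URL action IDs that govern ActiveX. Allowed values: 0 = Enable, 1 = Prompt, 3 = Disable.
$ActiveXActions = @{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe for scripting'
}
$Disabled = 3

# Zones: 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
# Zone 2 is deliberately left untouched so an explicitly trusted host can still be allowed.
$ZonesToHarden = @(1, 3, 4)
$ZoneKeyRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Get-ActiveXZoneStatus {
    # Returns one object per (zone, action) with the current value and a Compliant flag.
    foreach ($zone in $ZonesToHarden) {
        $key = Join-Path $ZoneKeyRoot $zone
        foreach ($action in $ActiveXActions.Keys) {
            $current = (Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue).$action
            [pscustomobject]@{
                Zone        = $zone
                Action      = $action
                Description = $ActiveXActions[$action]
                Current     = $current          # $null means "not set", i.e. IE's built-in default applies
                Compliant   = ($current -eq $Disabled)
            }
        }
    }
}

function Set-ActiveXZoneHardening {
    # Writes Disable (3) for every ActiveX action in every zone listed in $ZonesToHarden.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($zone in $ZonesToHarden) {
        $key = Join-Path $ZoneKeyRoot $zone
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($action in $ActiveXActions.Keys) {
            if ($PSCmdlet.ShouldProcess("zone $zone / $action ($($ActiveXActions[$action]))", "set to $Disabled")) {
                Set-ItemProperty -Path $key -Name $action -Value $Disabled -Type DWord
            }
        }
    }
}

function Set-ActiveXKillBit {
    # Sets Compatibility Flags = 0x400 so IE refuses to instantiate the control in any zone.
    # Needs an elevated prompt; writes both the 64-bit and the WOW6432 view.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Clsid)
    $paths = @(
        "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    )
    foreach ($p in $paths) {
        if ($PSCmdlet.ShouldProcess($p, 'set Compatibility Flags = 0x400')) {
            if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
            Set-ItemProperty -Path $p -Name 'Compatibility Flags' -Value 0x400 -Type DWord
        }
    }
}

# Usage: report non-compliant settings first, then enforce.
Get-ActiveXZoneStatus | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
# Set-ActiveXZoneHardening -WhatIf                                       # preview the changes
# Set-ActiveXZoneHardening                                               # apply for the current user
# Set-ActiveXKillBit -Clsid '{00000000-0000-0000-0000-000000000000}'    # PLACEHOLDER CLSID
```

The HKCU write only covers the user who runs it; for a fleet of engineering workstations the same four actions are set centrally through Group Policy (Internet Explorer > Internet Control Panel > Security Page, per zone), which also prevents a local user from re-enabling them. The kill bit is the stronger control where the CLSID is known, since it does not depend on which zone a page or file is assigned to.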
Mitigations - no patch available
Rockwell Automation CCW (≤ 6.01.00) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Restrict network access to engineering workstations: use VPN or physical isolation to limit who can reach CCW workstations from the general network or internet
HARDENING: Monitor and restrict outbound internet access from engineering workstations to prevent download of malicious content
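The second hardening item, restricting and monitoring outbound access, can be implemented on the workstation itself with Windows Defender Firewall. The script below is an added example and not part of the advisory: it switches every firewall profile to a default-deny outbound policy, creates a short allow-list for the destinations an engineering workstation genuinely needs, and turns on logging of blocked connections so that attempts to reach anything else become visible. The subnets, hosts and ports in the allow-list are placeholders for the site's own PLC network, update server and DNS resolver and must be adjusted before use.

```powershell
# Added example (not from the advisory): default-deny egress for an engineering workstation
# with an explicit allow-list. All addresses and ports below are PLACEHOLDERS. Run elevated.

$AllowRules = @(
    # PLC subnet (placeholder) on the port the engineering tool uses to talk to the controllers
    @{ Name = 'EWS-Allow-PLC-Subnet';    RemoteAddress = '10.10.20.0/24'; Protocol = 'TCP'; RemotePort = '44818' },
    # internal update server (placeholder) so patches still arrive without general internet access
    @{ Name = 'EWS-Allow-Update-Server'; RemoteAddress = '10.10.1.5';     Protocol = 'TCP'; RemotePort = '8530' },
    # internal DNS resolver (placeholder)
    @{ Name = 'EWS-Allow-DNS';           RemoteAddress = '10.10.1.10';    Protocol = 'UDP'; RemotePort = '53' }
)

function Set-EngineeringWorkstationEgress {
    # Creates (or recreates) the allow rules, then makes Block the default outbound action.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($r in $AllowRules) {
        if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
            Remove-NetFirewallRule -DisplayName $r.Name
        }
        if ($PSCmdlet.ShouldProcess($r.Name, "allow outbound $($r.Protocol) to $($r.RemoteAddress):$($r.RemotePort)")) {
            New-NetFirewallRule -DisplayName $r.Name -Direction Outbound -Action Allow `
                -RemoteAddress $r.RemoteAddress -Protocol $r.Protocol -RemotePort $r.RemotePort | Out-Null
        }
    }
    # Explicit allow rules take precedence over the profile default, so everything else is dropped.
    # LogBlocked writes denied connections to the firewall log for monitoring.
    if ($PSCmdlet.ShouldProcess('Domain, Private and Public profiles', 'DefaultOutboundAction = Block, LogBlocked = True')) {
        Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block -LogBlocked True
    }
}

function Get-EngineeringWorkstationEgress {
    # Audit view: profile defaults and the state of the allow-list rules.
    Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction, LogBlocked, LogFileName
    Get-NetFirewallRule -DisplayName 'EWS-Allow-*' -ErrorAction SilentlyContinue |
        Select-Object DisplayName, Enabled, Direction, Action
}

# Usage: preview, apply, then verify.
# Set-EngineeringWorkstationEgress -WhatIf
# Set-EngineeringWorkstationEgress
Get-EngineeringWorkstationEgress | Format-Table -AutoSize
```

Test the allow-list against a workstation's real traffic before rolling it out, since a default-deny outbound policy also blocks anything not listed (licensing, time sync, management agents). The log file reported by Get-NetFirewallProfile is the place to watch afterwards: a CCW workstation that starts producing blocked outbound connections to unfamiliar internet hosts is exactly the signal the "monitor" half of this mitigation is meant to surface.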
CVEs (1)