OTPulse
FeedAboutContact

Rockwell Automation Integrated Architecture Builder Access Violation Memory Error

Monitor6.3ICS-CERT ICSA-16-056-01Nov 28, 2016
Attack VectorLocal
Auth RequiredHigh
ComplexityHigh
User InteractionRequired
Summary

Integrated Architecture Builder versions 9.6.0.7 and earlier, as well as versions 9.7.0.0 and 9.7.0.1, contain an access violation memory error that can be triggered by a high-privilege user with local access. The vulnerability can cause the application to crash, disrupting engineering work. No vendor fix is currently available for any affected version.

What this means
What could happen
An attacker with local access and high privileges on an engineering workstation could trigger a memory error in Integrated Architecture Builder, potentially causing the application to crash and denying access to automation engineering functions.
Who's at risk
Manufacturing and automation engineers using Rockwell Automation's Integrated Architecture Builder development environment on engineering workstations. This affects anyone responsible for designing, configuring, or maintaining PLC and automation system logic.
How it could be exploited
An attacker with administrative or high-privilege access to a workstation running Integrated Architecture Builder could trigger the memory error through a specific interaction that requires user action. The vulnerability is triggered locally during application execution and could result in application termination.
Prerequisites
  • Local access to the affected workstation
  • High-privilege user account (Administrator or equivalent)
  • User interaction required (application must be in use)
  • Ability to interact with the application interface
Local access requiredHigh privilege requiredNo patch availableUser interaction needed
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 EOL
ProductAffected VersionsFix Status
Integrated Architecture Builder: <=9.6.0.7≤ 9.6.0.7No fix (EOL)
Integrated Architecture Builder: 9.7.0.0|9.7.0.19.7.0.0|9.7.0.1No fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDMonitor workstations for unexpected application crashes or behavior in Integrated Architecture Builder
Mitigations - no patch available
0/2
The following products have reached End of Life with no planned fix: Integrated Architecture Builder: <=9.6.0.7, Integrated Architecture Builder: 9.7.0.0|9.7.0.1. Apply the following compensating controls:
HARDENINGImplement access controls on engineering workstations running Integrated Architecture Builder to restrict administrative access to authorized personnel only
HARDENINGRestrict physical and network access to workstations running Integrated Architecture Builder to limit exposure to local attack vectors
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/e8378d99-8091-4323-bb62-31e3424011c3
Rockwell Automation Integrated Architecture Builder Access Violation Memory Error | CVSS 6.3 - OTPulse