OTPulse

Rockwell Automation Connected Components Workbench

Monitor | CVSS 7 | ICS-CERT ICSA-17-047-01 | Feb 16, 2017
Attack Vector: Local
Auth Required: None
Complexity: High
User Interaction: Required
Summary

Connected Components Workbench versions 9.01.00 and earlier contain an insecure file loading vulnerability (CWE-427) that could allow arbitrary code execution when a user opens a malicious project file or component library. The vulnerability exists in all supported language editions of the Free Standard Edition and Developer Edition variants. Rockwell Automation has not released a fix and does not plan to update this product line.

What this means
What could happen
A malicious file opened in Connected Components Workbench could allow arbitrary code execution on the engineering workstation, potentially granting an attacker the ability to modify PLC programs, alter control logic, or manipulate data before it's deployed to plant equipment.
Who's at risk
Manufacturing facilities and utilities using Rockwell Automation CompactLogix, MicroLogix, or ControlLogix PLCs with engineering teams that rely on Connected Components Workbench for program development and deployment. This affects any organization where engineers create or modify PLC logic on Windows workstations connected to the plant network.
How it could be exploited
An attacker could craft a malicious file (likely a project file or component library) and trick an engineer into opening it using Connected Components Workbench. The application would execute embedded code without proper validation. From the compromised workstation, the attacker could then access connected PLCs or modify programs before deployment.
Prerequisites
  • User must open a malicious file in Connected Components Workbench (social engineering required)
  • Connected Components Workbench must be installed on the engineering workstation
  • The workstation must have access to the plant network or have stored credentials for PLC access
  • No patch available (end-of-life product)
  • Requires user interaction (file must be opened)
  • Could lead to unauthorized PLC program modification
  • Affects development/engineering environment
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (8)
8 EOL
Product | Affected Versions | Fix Status
Connected Components Workbench - Free Standard Edition (All Supported Languages): v9.01.00 and earlier | ≤ 9.01.00 | No fix (EOL)
Connected Components Workbench - Developer Edition 9328-CCWDEVFRE: v9.01.00 and earlier | ≤ 9.01.00 | No fix (EOL)
Connected Components Workbench - Developer Edition 9328-CCWDEVENE: v9.01.00 and earlier | ≤ 9.01.00 | No fix (EOL)
Connected Components Workbench - Developer Edition 9328-CCWDEVPTE: v9.01.00 and earlier | ≤ 9.01.00 | No fix (EOL)
Connected Components Workbench - Developer Edition 9328-CCWDEVDEE: v9.01.00 and earlier | ≤ 9.01.00 | No fix (EOL)
Connected Components Workbench - Developer Edition 9328-CCWDEVITE: v9.01.00 and earlier | ≤ 9.01.00 | No fix (EOL)
Connected Components Workbench - Developer Edition 9328-CCWDEVESE: v9.01.00 and earlier | ≤ 9.01.00 | No fix (EOL)
Connected Components Workbench - Developer Edition 9328-CCWDEVZHE: v9.01.00 and earlier | ≤ 9.01.00 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict file sharing and downloads on engineering workstations; educate engineers to only open project files from trusted sources and internal repositories
WORKAROUND: Require code review and change management procedures for any program files before deployment to PLCs
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Implement application whitelisting on engineering workstations to block execution of unsigned or unexpected code
HARDENING: Isolate engineering workstations on a separate network segment with strict access controls to production PLCs
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Connected Components Workbench - Free Standard Edition (All Supported Languages): v9.01.00 and earlier, Connected Components Workbench - Developer Edition 9328-CCWDEVFRE: v9.01.00 and earlier, Connected Components Workbench - Developer Edition 9328-CCWDEVENE: v9.01.00 and earlier, Connected Components Workbench - Developer Edition 9328-CCWDEVPTE: v9.01.00 and earlier, Connected Components Workbench - Developer Edition 9328-CCWDEVDEE: v9.01.00 and earlier, Connected Components Workbench - Developer Edition 9328-CCWDEVITE: v9.01.00 and earlier, Connected Components Workbench - Developer Edition 9328-CCWDEVESE: v9.01.00 and earlier, Connected Components Workbench - Developer Edition 9328-CCWDEVZHE: v9.01.00 and earlier. Apply the following compensating controls:
HARDENING: Monitor engineering workstations for unexpected process execution or network connections to PLCs
Rockwell Automation Connected Components Workbench | CVSS 7 - OTPulse