Rockwell Products Impacted by Chromium Type Confusion

Act NowCVSS 4ICS-CERT ICSA-22-209-01Jul 28, 2022

Rockwell AutomationEnergy

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A type confusion vulnerability in the Chromium component used by Rockwell Automation products could cause a denial-of-service condition, crashing the affected software. The vulnerability affects Connected Components Workbench (versions 11, 12, 13, 20), Enhanced HIM for PowerFlex 6000T (version 1.001), FactoryTalk Linx Enterprise (versions 6.20, 6.21, 6.30), and FactoryTalk View Site Edition (version 13). The vulnerability is not remotely exploitable and requires local access to the workstation or HIM system.

What this means

What could happen

This vulnerability can cause a denial-of-service condition on affected Rockwell engineering workstations and HIM systems, potentially disrupting operator access to control interfaces during critical plant operations.

Who's at risk

Energy sector organizations using Rockwell Automation engineering and operator interface software should be concerned. This specifically affects Connected Components Workbench used for PLC programming, FactoryTalk View Site Edition operator interfaces, Enhanced HIM systems on PowerFlex 6000T variable frequency drives, and FactoryTalk Linx Enterprise communications software.

How it could be exploited

An attacker with local access to an affected Rockwell workstation or HIM system could trigger a type confusion flaw in the Chromium-based component to crash the application. This would interrupt operator visibility and control capabilities until the application is manually restarted.

Prerequisites

Local access to the affected Rockwell software system
No special credentials or elevated privileges required

actively exploited (KEV)high EPSS score (47.9%)no patch availablelow complexity

Exploitability

Actively exploited — confirmed by CISA KEV

Public Proof-of-Concept (PoC) on GitHub (1 repository)

Affected products (4)

4 EOL

ProductAffected VersionsFix Status

Enhanced HIM (eHIM) for PowerFlex 6000T:1.001No fix (EOL)

FactoryTalk Linx Enterprise software:6.20 | 6.21 | 6.30No fix (EOL)

FactoryTalk View Site Edition:13No fix (EOL)

Connected Components Workbench software:11 | 12 | 13 | 20No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/1

FactoryTalk View Site Edition:

WORKAROUNDFor FactoryTalk View Site Edition: Disable web browser control if not required for operations

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

FactoryTalk View Site Edition:

HOTFIXFor FactoryTalk View Site Edition: Manually replace Microsoft WebView2 file in C:\Program Files (x86)\Rockwell Software\RS View Enterprise\Microsoft.WebView2.FixedVersionRuntime with an updated version

Enhanced HIM (eHIM) for PowerFlex 6000T:

HOTFIXFor Enhanced HIM (eHIM) PowerFlex 6000T: Update Microsoft Edge browser to Version 99.0.1150 or later

All products

HOTFIXFor all affected products: Apply vendor patches when released by Rockwell Automation

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: Enhanced HIM (eHIM) for PowerFlex 6000T:, FactoryTalk Linx Enterprise software:, FactoryTalk View Site Edition:, Connected Components Workbench software:. Apply the following compensating controls:

HARDENINGImplement network segmentation and access controls to restrict local access to engineering workstations and HIM systems

CVEs (1)

CVE-2022-1096

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6243c0ed-d35d-42f9-886d-42e45677ac93

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.