OTPulse

Rockwell Products Impacted by Chromium Type Confusion

Act Now | 4 | ICS-CERT ICSA-22-209-01 | Jul 28, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A type confusion vulnerability in the Chromium component used by Rockwell Automation products could cause a denial-of-service condition, crashing the affected software. The vulnerability affects Connected Components Workbench (versions 11, 12, 13, 20), Enhanced HIM for PowerFlex 6000T (version 1.001), FactoryTalk Linx Enterprise (versions 6.20, 6.21, 6.30), and FactoryTalk View Site Edition (version 13). The vulnerability is not remotely exploitable and requires local access to the workstation or HIM system.

What this means
What could happen
This vulnerability can cause a denial-of-service condition on affected Rockwell engineering workstations and HIM systems, potentially disrupting operator access to control interfaces during critical plant operations.
Who's at risk
Energy sector organizations using Rockwell Automation engineering and operator interface software should be concerned. This specifically affects Connected Components Workbench used for PLC programming, FactoryTalk View Site Edition operator interfaces, Enhanced HIM systems on PowerFlex 6000T variable frequency drives, and FactoryTalk Linx Enterprise communications software.
How it could be exploited
An attacker with local access to an affected Rockwell workstation or HIM system could trigger a type confusion flaw in the Chromium-based component to crash the application. This would interrupt operator visibility and control capabilities until the application is manually restarted.
Prerequisites
  • Local access to the affected Rockwell software system
  • No special credentials or elevated privileges required
Tags: actively exploited (KEV) · high EPSS score (47.9%) · no patch available · low complexity
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (4)
4 EOL
Product | Affected Versions | Fix Status
Enhanced HIM (eHIM) for PowerFlex 6000T | 1.001 | No fix (EOL)
FactoryTalk Linx Enterprise software | 6.20, 6.21, 6.30 | No fix (EOL)
FactoryTalk View Site Edition | 13 | No fix (EOL)
Connected Components Workbench software | 11, 12, 13, 20 | No fix (EOL)
Remediation & Mitigation
Do now
FactoryTalk View Site Edition:
WORKAROUND: For FactoryTalk View Site Edition, disable web browser control if it is not required for operations.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

FactoryTalk View Site Edition:
HOTFIX: For FactoryTalk View Site Edition, manually replace the Microsoft WebView2 file in C:\Program Files (x86)\Rockwell Software\RS View Enterprise\Microsoft.WebView2.FixedVersionRuntime with an updated version.
Enhanced HIM (eHIM) for PowerFlex 6000T:
HOTFIX: For Enhanced HIM (eHIM) for PowerFlex 6000T, update the Microsoft Edge browser to version 99.0.1150 or later.
All products
HOTFIX: For all affected products, apply vendor patches when released by Rockwell Automation.
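A verification script for the two version-based hotfixes listed above, added here as an example; it is not part of the OTPulse advisory or Rockwell's own guidance. It assumes the fixed-version WebView2 runtime ships as msedgewebview2.exe somewhere under the folder the advisory names, and that Microsoft Edge is installed at its default Program Files (x86) path; both paths are assumptions, not facts from the advisory, and should be adjusted to the local install.

```powershell
# Added example (not OTPulse or Rockwell code): check whether the WebView2 fixed-version
# runtime under the Rockwell folder and the local Microsoft Edge install meet the
# 99.0.1150 floor the advisory gives, and exit non-zero if either is below it.
# ASSUMPTIONS (not from the advisory): the runtime contains msedgewebview2.exe, and
# Edge lives at the default Program Files (x86) path.

$MinimumVersion = [version]'99.0.1150'   # advisory: Edge 99.0.1150 or later
$WebView2Root   = 'C:\Program Files (x86)\Rockwell Software\RS View Enterprise\Microsoft.WebView2.FixedVersionRuntime'
$EdgeExe        = 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'   # assumed default path

function Get-FileProductVersion {
    # Read the ProductVersion resource of a binary and return it as [version], or $null.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $raw = (Get-Item -LiteralPath $Path).VersionInfo.ProductVersion
    # ProductVersion may carry a text suffix; keep only the leading dotted-number part.
    if ($raw -match '^\d+(\.\d+){1,3}') { return [version]$Matches[0] }
    return $null
}

function Test-ComponentVersion {
    # Compare a found version against the floor and return a one-row status object.
    param([string]$Name, [version]$Found, [version]$Minimum)
    if ($null -eq $Found) {
        [pscustomobject]@{ Component = $Name; Version = 'not found'; Status = 'CHECK MANUALLY' }
    } elseif ($Found -ge $Minimum) {
        [pscustomobject]@{ Component = $Name; Version = $Found; Status = 'OK' }
    } else {
        [pscustomobject]@{ Component = $Name; Version = $Found; Status = "BELOW $Minimum" }
    }
}

$results = @()

# 1. WebView2 fixed-version runtime(s) under the Rockwell folder. An old and a new
#    versioned subfolder can coexist after a manual file swap, so report every copy found.
$webviewExes = @()
if (Test-Path -LiteralPath $WebView2Root) {
    $webviewExes = @(Get-ChildItem -LiteralPath $WebView2Root -Recurse -Filter 'msedgewebview2.exe' -ErrorAction SilentlyContinue)
}
if ($webviewExes.Count -eq 0) {
    $results += Test-ComponentVersion -Name 'WebView2 FixedVersionRuntime' -Found $null -Minimum $MinimumVersion
}
foreach ($exe in $webviewExes) {
    $results += Test-ComponentVersion -Name "WebView2 ($($exe.Directory.Name))" `
        -Found (Get-FileProductVersion $exe.FullName) -Minimum $MinimumVersion
}

# 2. Microsoft Edge itself (the eHIM guidance: 99.0.1150 or later).
$results += Test-ComponentVersion -Name 'Microsoft Edge' -Found (Get-FileProductVersion $EdgeExe) -Minimum $MinimumVersion

$results | Format-Table -AutoSize

# Non-zero exit when any component is below the floor, so a scheduled compliance
# job or configuration-management run can flag the host.
if (@($results | Where-Object { $_.Status -like 'BELOW*' }).Count -gt 0) { exit 1 }
exit 0
```

Run it in an elevated PowerShell session on each affected workstation or HIM after the maintenance window; a "CHECK MANUALLY" row means the assumed path did not match the local install rather than a confirmed failure, and the folder name of each WebView2 row tells you which runtime copy is still present.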
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Enhanced HIM (eHIM) for PowerFlex 6000T, FactoryTalk Linx Enterprise software, FactoryTalk View Site Edition, Connected Components Workbench software. Apply the following compensating controls:
HARDENING: Implement network segmentation and access controls to restrict local access to engineering workstations and HIM systems.
Rockwell Products Impacted by Chromium Type Confusion | CVSS 4 - OTPulse