VISAM VBASE Automation Base

Monitor5.5ICS-CERT ICSA-23-080-05Apr 3, 2023

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

VISAM VBASE Automation Base versions prior to 11.7.5 contain XML external entity (XXE) vulnerabilities that allow an attacker with local workstation access to read sensitive information from the system. The vulnerabilities have low attack complexity but require user interaction, such as opening a malicious file attachment or document. Successful exploitation could expose configuration data, credentials, or proprietary automation logic.

What this means

What could happen

An attacker with local access to a VBASE Automation Base workstation could read sensitive information from the system, such as configuration data, credentials, or automation logic that should be protected.

Who's at risk

Organizations using VBASE Automation Base for industrial automation and control logic should apply this update. This affects engineering workstations and automation platforms used in manufacturing, water/wastewater treatment, and electric utility control systems.

How it could be exploited

An attacker must have local access to the VBASE workstation (via physical access or user-level login). They would then exploit an XML external entity (XXE) vulnerability to read files from the system and extract sensitive data. The attack requires some user interaction, such as opening a malicious file or clicking a link.

Prerequisites

Local access to VBASE Automation Base workstation
User interaction required (opening a file or clicking a link)
No elevated privileges required

Local access required (not remotely exploitable)Low attack complexityUser interaction requiredNo public exploits available

Exploitability

Moderate exploit probability (EPSS 2.3%)

Affected products (1)

ProductAffected VersionsFix Status

VBASE Automation Base:< 11.7.511.7.5

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGEducate users about not clicking links or opening attachments in unsolicited emails

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate VBASE Automation Base to version 11.7.5 or later

Long-term hardening

0/1

HARDENINGRestrict local login access to VBASE workstations to authorized personnel only

CVEs (7)

CVE-2022-41696 CVE-2022-43512 CVE-2022-45121 CVE-2022-45468 CVE-2022-45876 CVE-2022-46286 CVE-2022-46300

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3022e854-af2d-4348-b9c4-f90f2584ec95