OTPulse

Rockwell Automation Emulate3D

Monitor · 6.7 · ICS-CERT ICSA-24-235-01 · Aug 22, 2024
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: Required
Summary

Emulate3D versions 17.00.00.13276 and earlier contain a code execution vulnerability (CWE-610) that allows a local user to execute arbitrary code under user privileges. The vulnerability requires user interaction (such as opening a malicious file) and has high attack complexity. No known public exploitation has been reported. A patch is available in version 17.00.00.13348.

What this means
What could happen
An attacker with local access to, and user privileges on, an Emulate3D workstation could execute arbitrary code, potentially compromising automation control logic or engineering tools used to manage industrial equipment.
Who's at risk
Rockwell Automation Emulate3D users who maintain automation simulation and testing environments. This impacts organizations running PLC/controller development, training, or commissioning labs where Emulate3D is deployed on engineering workstations.
How it could be exploited
An attacker must first gain local access to a machine running the vulnerable Emulate3D software and trick a user into taking action (such as opening a file or clicking a link). The attacker can then exploit the vulnerability to run code with the permissions of the logged-in user. This is a local privilege escalation, not remote.
Prerequisites
  • Local access to the Emulate3D workstation
  • Non-administrative user account credentials
  • User interaction required (social engineering to open a malicious file or click a link)
  • Emulate3D version 17.00.00.13276 or earlier
  • Local exploitation only
  • User interaction required
  • High attack complexity
  • Engineering workstation compromise could alter automation logic or configurations
Exploitability
Moderate exploit probability (EPSS 1.3%)
Affected products (1)
Product | Affected Versions | Fix Status
Emulate3D: 17.00.00.13276 | 17.00.00.13276 | 17.00.00.13348
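Added example (not part of the advisory or any Rockwell Automation tooling): a triage helper that classifies inventoried Emulate3D builds against the two build numbers above. The inventory rows, hostnames and status labels are assumptions made for illustration; builds between 13276 and 13348 are reported as unconfirmed because the advisory does not state their status.

```python
# Added example: classify Emulate3D builds against ICSA-24-235-01.
import re

AFFECTED_MAX = (17, 0, 0, 13276)  # advisory: this build and earlier are affected
FIXED_MIN = (17, 0, 0, 13348)     # advisory: build that carries the patch

VERSION_RE = re.compile(r"\d+(\.\d+){3}")  # exactly four dotted numeric fields

def parse_version(text):
    """Turn '17.00.00.13276' into (17, 0, 0, 13276); None if malformed."""
    text = text.strip()
    if not VERSION_RE.fullmatch(text):
        return None
    # Integer fields make '17.0.0.13348' equal '17.00.00.13348', which a
    # plain string comparison would get wrong.
    return tuple(int(part) for part in text.split("."))

def classify(version_text):
    """Return AFFECTED, FIXED, UNCONFIRMED or UNPARSEABLE for one build."""
    version = parse_version(version_text)
    if version is None:
        return "UNPARSEABLE"
    if version <= AFFECTED_MAX:
        return "AFFECTED"
    if version >= FIXED_MIN:
        return "FIXED"
    return "UNCONFIRMED"  # between the two builds: not covered by the advisory

def triage(inventory):
    """Classify (host, version) rows and sort the worst findings first."""
    order = {"AFFECTED": 0, "UNPARSEABLE": 1, "UNCONFIRMED": 2, "FIXED": 3}
    rows = [(host, ver, classify(ver)) for host, ver in inventory]
    return sorted(rows, key=lambda row: (order[row[2]], row[0]))

# Constructed sample inventory: hostnames and builds are made up.
SAMPLE_INVENTORY = [
    ("eng-ws-01", "17.00.00.13276"),
    ("eng-ws-02", "17.00.00.13348"),
    ("lab-ws-03", "16.01.00.12000"),
    ("lab-ws-04", "17.00.00.13300"),
    ("train-ws-05", "17.0.0"),
    ("train-ws-06", "17.0.0.13348"),
]

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {ver:16} {status}")
```

Rows reported as UNPARSEABLE or UNCONFIRMED need a manual check of the installed build rather than being treated as safe.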
Remediation & Mitigation
Do now
WORKAROUND: Educate users not to open unsolicited files or click suspicious links on engineering workstations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Emulate3D to version 17.00.00.13348 or later
HARDENING: Restrict local access to Emulate3D workstations to trusted personnel only; use physical security controls and access lists
Long-term hardening
HARDENING: Implement network segmentation to isolate engineering workstations running Emulate3D from production networks and the internet