OTPulse

Rockwell Automation AADvance Trusted SIS Workstation

Act Now | CVSS 7.8 | ICS-CERT ICSA-24-256-20 | Sep 12, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Improper input validation and buffer overflow vulnerabilities (CWE-20, CWE-787) in AADvance Trusted SIS Workstation versions 2.00.01 and earlier allow local code execution when a user opens or imports a malicious project file or archive. Exploitation requires user interaction and local access; remote exploitation is not possible. Successful exploitation allows an attacker to execute code in the context of the logged-in user process, potentially compromising safety system engineering data and configurations.

What this means
What could happen
An attacker with local access to an AADvance Trusted SIS Workstation could execute arbitrary code with the privileges of the logged-in user, potentially compromising safety system engineering data and configuration.
Who's at risk
Safety instrumented system (SIS) engineering teams using Rockwell Automation AADvance Trusted SIS Workstations for safety logic design, verification, and configuration. This affects any organization using SIS workstations for safety-critical process control in utilities, manufacturing, and chemical facilities.
How it could be exploited
An attacker must have local access to the workstation (or trick a user into opening a malicious file). Exploitation depends on user interaction: the attacker could craft a malicious project file, archive, or similar input that exploits improper input validation (CWE-20) or a buffer overflow (CWE-787) when the user opens or imports it. Once code execution is achieved, the attacker's code runs in the user's process context.
Prerequisites
  • Local access to the AADvance Trusted SIS Workstation or ability to trick a user into opening a malicious file
  • Workstation running affected version 2.00.01 or earlier
  • User interaction required: user must open/import a malicious project or archive file
high EPSS score (38.4%) | affects safety systems | user interaction required | local access required
Exploitability
High exploit probability (EPSS 38.4%)
Affected products (1)
Product | Affected Versions | Fix Status
AADvance Trusted SIS Workstation | ≤ 2.00.01 | 2.00.02
Remediation & Mitigation
Do now
WORKAROUND: Do not archive or restore projects from unknown or untrusted sources
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update AADvance Trusted SIS Workstation to version 2.00.02 or later
Long-term hardening
HARDENING: Isolate control system networks and workstations behind firewalls, ensuring they are not accessible from the internet
HARDENING: Implement network segmentation to limit lateral movement from business networks to engineering workstations