Rockwell Automation AADvance Trusted SIS Workstation

Act NowCVSS 7.8ICS-CERT ICSA-24-256-20Sep 12, 2024

Rockwell Automation

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

AADvance Trusted SIS Workstation versions 2.00.01 and earlier contain improper input validation vulnerabilities (CWE-20, CWE-787) that allow code execution when a user opens a malicious archive or project file. Successful exploitation occurs in the context of the running process. The vulnerability is not remotely exploitable and requires local access and user interaction. Rockwell Automation has released version 2.00.02 as a fix.

What this means

What could happen

An attacker with local access to a workstation could execute arbitrary code with the privileges of the currently running process, potentially compromising safety integrity system design and validation on a SIS engineering environment.

Who's at risk

This vulnerability affects Rockwell Automation AADvance Trusted SIS Workstation, which is used by safety instrumented system engineers and technicians to design, validate, and configure safety systems in critical infrastructure such as oil and gas, chemical processing, power generation, and water treatment facilities. Anyone managing or programming safety systems using AADvance Trusted SIS should consider this a priority.

How it could be exploited

The vulnerability requires the attacker to have local access to the AADvance workstation and trick a user into interacting with a malicious input (via file archive/restore or other user interaction). Once the user opens the malicious content, the attacker's code executes in the context of the running process.

Prerequisites

Local access to the AADvance Trusted SIS Workstation
User interaction required (opening or importing a malicious archive or project file)
Version 2.00.01 or earlier installed

Local access requiredUser interaction requiredHigh EPSS score (38.4%)Affects safety system engineering environmentCan lead to code execution

Exploitability

Likely to be exploited — EPSS score 50.7%

Affected products (1)

ProductAffected VersionsFix Status

AADvance Trusted SIS Workstation: <=2.00.01≤ 2.00.012.00.02

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDDo not archive or restore projects from unknown or untrusted sources

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate AADvance Trusted SIS Workstation to version 2.00.02 or later

Long-term hardening

0/2

HARDENINGRestrict physical and remote access to engineering workstations to authorized personnel only

HARDENINGIsolate SIS engineering workstations from business networks and the internet

CVEs (2)

CVE-2023-31102 CVE-2023-40481

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/af897aa0-e70a-4e9d-ba35-5fe11182b4e8

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.