OTPulse
FeedAboutContact

*Rockwell Automation AADvance-Trusted SIS Workstation *

Plan Patch8.8ICS-CERT ICSA-25-317-10Nov 13, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

AADvance-Trusted SIS Workstation versions 2.00.00 through 2.00.03 contain a path traversal vulnerability (CWE-22) that allows remote code execution when a user opens a malicious file. The vulnerability has a CVSS score of 8.8 and requires user interaction. Rockwell Automation has corrected the issue in version 2.01.00 and later.

What this means
What could happen
An attacker could execute arbitrary code on the AADvance-Trusted SIS Workstation with user interaction, potentially altering critical safety instrumented system logic or safety interlock configurations on the connected process.
Who's at risk
This affects SIS (Safety Instrumented System) engineers and operators at any facility using AADvance-Trusted SIS Workstations for configuration and monitoring of safety critical equipment. Typical users include chemical plants, refineries, power plants, and any process industry relying on safety interlocks and emergency shutdown systems.
How it could be exploited
An attacker crafts a malicious file (likely exploiting a path traversal or file inclusion flaw per CWE-22) and tricks a workstation user into opening it. Once opened, the file executes code in the context of the workstation, giving the attacker control over the SIS engineering and configuration environment.
Prerequisites
  • Network access to the AADvance-Trusted SIS Workstation
  • User interaction required—an operator or engineer must open a malicious file
  • Workstation running affected versions (2.00.00 through 2.00.03)
Remotely exploitableCVSS 8.8 (high severity)Requires user interactionNo patch currently available for affected versionsAffects safety systemsPath traversal vulnerability (CWE-22)
Exploitability
Moderate exploit probability (EPSS 1.7%)
Affected products (1)
ProductAffected VersionsFix Status
AADvance-Trusted SIS Workstation: >=2.00.00|<2.00.04≥ 2.00.00|<2.00.042.01.00
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGRestrict network access to AADvance-Trusted SIS Workstations using firewall rules; ensure they are not exposed to the internet or untrusted networks
WORKAROUNDFollow Rockwell Automation security best practices if unable to upgrade
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade AADvance-Trusted SIS Workstation to version 2.01.00 or later
Long-term hardening
0/2
HARDENINGPlace SIS workstations and networks behind firewalls and segregate from business network
HARDENINGImplement user training to recognize and avoid opening untrusted files or suspicious emails
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/44b6e72f-b826-43eb-adc3-7c7bec02e408
*Rockwell Automation AADvance-Trusted SIS Workstation * | CVSS 8.8 - OTPulse