OTPulse

Rockwell SIS Workstation DotNetZip Third-Party Vulnerability CVE-2024-48510

Plan Patch · CVSS 8.8 · SD1761 · Nov 11, 2025
Summary

A vulnerability exists in the DotNetZip third-party library used by Rockwell Automation's SIS Workstation. DotNetZip can be made to execute arbitrary code when it processes a specially crafted file or request. This third-party component may therefore allow an attacker to execute commands on the workstation with the privileges of the SIS Workstation application, potentially compromising the integrity and safety of safety instrumented system configurations and logic.

What this means
What could happen
An attacker could exploit a third-party library vulnerability in the SIS Workstation to execute arbitrary code or modify safety instrumented system configurations, potentially disrupting safety-critical processes or altering interlock logic.
Who's at risk
This vulnerability affects safety system engineers and operators who use Rockwell Automation's SIS (Safety Instrumented System) Workstation software for programming and maintaining safety-critical control logic in industries such as oil & gas, chemical processing, power generation, and water/wastewater treatment. Any organization relying on Rockwell SIS for safety system design and deployment should be concerned.
How it could be exploited
An attacker with network access to a SIS Workstation could exploit the vulnerable DotNetZip library by sending a specially crafted payload or file. If the workstation processes untrusted files or if the library is accessible through a network service, code execution is possible, potentially allowing modification of safety system configurations stored locally or on connected controllers.
Prerequisites
  • Network access to the SIS Workstation or its network services
  • The vulnerable DotNetZip library must be actively used by the SIS Workstation software
  • In some cases, the attacker may need to trick an operator into opening a malicious file or trigger processing of untrusted data
  • No patch available from vendor
  • Affects safety systems
  • High CVSS severity (8.8)
  • Third-party library dependency creates supply chain risk
Exploitability
Moderate exploit probability (EPSS 1.7%)
Affected products (1)
Product                   | Affected Versions | Fix Status
SIS Workstation DotNetZip | All versions      | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement file integrity monitoring or input validation to detect unauthorized changes to SIS configuration files and reject untrusted file sources
WORKAROUND: Restrict file upload and processing capabilities on the SIS Workstation to minimize exposure if a payload vector exists
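The "input validation" control above is the check a practitioner would put in front of any archive handed to the vulnerable library. The following is an added example, not OTPulse's or Rockwell's code: it reads a ZIP's central directory and rejects entries with absolute or parent-directory paths and archives whose expanded size or compression ratio is abnormal. The thresholds, sample archives and all names are constructed for illustration; the advisory does not state which malformed input triggers the DotNetZip flaw, so this is a generic pre-extraction gate rather than a fix for the library itself.

```python
"""Pre-extraction ZIP gate for workstations that must process archives with an
unpatched ZIP library. Constructed example; thresholds are assumptions."""
import io
import zipfile

MAX_RATIO = 100                       # expansion ratio ceiling (zip-bomb guard)
MAX_TOTAL_BYTES = 512 * 1024 * 1024   # 512 MiB expanded-size ceiling


def entry_problems(name: str) -> list:
    """Return the reasons an archive entry name is unsafe to extract."""
    problems = []
    norm = name.replace("\\", "/")            # DotNetZip-style names may use backslashes
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        problems.append("absolute path")
    if ".." in norm.split("/"):
        problems.append("parent-directory traversal")
    if "\x00" in norm:
        problems.append("embedded NUL")
    return problems


def validate_zip(data: bytes) -> list:
    """Return findings for an archive; an empty list means it passed the gate."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        total_comp = total_uncomp = 0
        for info in zf.infolist():            # central directory only, nothing is extracted
            for p in entry_problems(info.filename):
                findings.append(f"{info.filename!r}: {p}")
            total_comp += info.compress_size
            total_uncomp += info.file_size
        if total_uncomp > MAX_TOTAL_BYTES:
            findings.append(f"expanded size {total_uncomp} exceeds ceiling")
        if total_comp and total_uncomp / total_comp > MAX_RATIO:
            findings.append(f"compression ratio {total_uncomp // total_comp}x exceeds {MAX_RATIO}x")
    return findings


def build_zip(entries: dict) -> bytes:
    """Construct an in-memory archive as sample input (not a real project file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_zip({"project/logic.txt": b"interlock A"})
    crafted = build_zip({"../../startup/run.bat": b"echo hi", "bomb.bin": b"\0" * 2_000_000})
    print(validate_zip(clean))     # []
    print(validate_zip(crafted))   # traversal finding plus compression-ratio finding
```

Run the gate on any archive before it is passed to the engineering software; a non-empty result should quarantine the file and raise an alert rather than just log it.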
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Replace or isolate the DotNetZip library with a patched version from the Rockwell Automation support portal or directly from the DotNetZip maintainers if a third-party patch exists
Mitigations - no patch available
SIS Workstation DotNetZip has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Apply network segmentation to restrict access to SIS Workstations from untrusted networks and limit outbound connections to required engineering and control networks only