CVE-2022-1018

ICSA-22-088-01 Rockwell Automation ISaGRAF

Description

When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.

Remediation

Solution:

  • Rockwell Automation encourages users to update to the available software revisions below:
      • Connected Component Workbench: Update to v13.00
      • ISaGRAF Workbench: For now, use mitigations listed until a patch is released. More mitigation actions are planned.
      • Safety Instrumented Systems Workstation: Update to v1.2

Workaround:

  • If an upgrade is not possible or available, users should apply the following mitigations:
      • Run Connected Components Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system.
      • Do not open untrusted files with Connected Component Workbench, ISaGRAF, SISW.
      • Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.
      • Use Microsoft AppLocker or other similar allow list application to help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at KnowledgeBase Article QA17329.
      • Ensure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.

Category

CVSS: 5.5
Severity: Medium
EPSS 8.36% Top 10%
Third-Party Advisory cisa.gov
Affected: Rockwell Automation Connected Component Workbench
Affected: Rockwell Automation ISaGRAF
Affected: Rockwell Automation Safety Instrumented Systems Workstation

References

  • https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01 (tags: patch, US government resource, mitigation, third party advisory)

Frequently Asked Questions

What is the severity of CVE-2022-1018?
CVE-2022-1018 has been scored as a medium severity vulnerability.
How to fix CVE-2022-1018?
To fix CVE-2022-1018, Rockwell Automation encourages users to update to the available software revisions below:
  • Connected Component Workbench: Update to v13.00
  • ISaGRAF Workbench: For now, use mitigations listed until a patch is released. More mitigation actions are planned.
  • Safety Instrumented Systems Workstation: Update to v1.2
Is CVE-2022-1018 being actively exploited in the wild?
Based on public information, it is possible that CVE-2022-1018 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~8% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-1018?
CVE-2022-1018 affects Rockwell Automation Connected Component Workbench, Rockwell Automation ISaGRAF, Rockwell Automation Safety Instrumented Systems Workstation.