Rockwell Clears Workbench Vulnerability

Wednesday, March 22, 2017 @ 11:03 AM gHale

Rockwell Automation released a new version of its Connected Components Workbench to fix a DLL Hijack vulnerability, according to a report with ICS-CERT.

Successful exploitation of this vulnerability, reported by researcher Ivan Sanchez, could range from a denial of service (DoS) to the injection of malicious code into trusted processes, depending on the content of the DLL and the risk mitigations in place by the victim.

LCDS Fixes SCADA Software
Design Flaws in Accelerometer Hardware
Fatek Clears PLC Ethernet Module Hole
Schneider Mitigates ClearSCADA Issue

The following Connected Components Workbench (CCW), a software configuration platform, versions suffer from the issue:
• Connected Components Workbench – Developer Edition, v9.01.00 and earlier
• Connected Components Workbench – Free Standard Edition (All Supported Languages), v9.01.00 and earlier.

In the vulnerability, certain DLLs included with versions of CCW software can potentially end up hijacked to allow an attacker to gain rights to a victim’s affected personal computer. Such access rights can be at the same or potentially higher level of privileges as the compromised user account, including and up to computer administrator privileges.

CVE-2017-5176 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.0.

No known public exploits specifically target this vulnerability, which is not remotely exploitable. An attacker would need a high skill level is needed to exploit.

The product sees use in the commercial facilities, defense industrial base, energy, and government facilities sectors. It also sees action on a global basis.

Rockwell Automation released Connected Components Workbench, Version 10.00 and Version 10.01 (All supported languages) which address the identified vulnerability.

Rockwell Automation recommends updating to the latest version of Connected Components Workbench, Version 10.00 or later.

For more information on this vulnerability and more detailed mitigation instructions, please see Rockwell Automation advisory labeled Connected Components Workbench Software Dynamic Link Library (DLL) Hijack Version 1.0, February 16.

Leave a Reply

You must be logged in to post a comment.