CVE-2022-1018
Published: 01 April 2022
Summary
CVE-2022-1018 is a medium-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Rockwell Automation Connected Components Workbench. Its CVSS base score is 5.5 (Medium).
Operationally, it ranks in the top 7.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability CVE-2022-1018 is an XML external entity (XXE) flaw under CWE-611 that affects the application when it opens a solution file. The root cause is an unsafe call inside a dynamic link library that performs XML processing without disabling external entity resolution.
An unauthenticated local attacker can supply a crafted solution file and trick a user into opening it. Successful exploitation allows the attacker to read arbitrary local files and exfiltrate their contents to a remote server, producing a loss of confidentiality while leaving integrity and availability unaffected. The CVSS 3.1 score is 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).
CISA has published an ICS advisory (ICSA-22-088-01) that addresses the issue. The EPSS score has remained flat at its recorded peak of 0.0914.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-24368
Vulnerability details
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.
- CWE(s): CWE-611 (Improper Restriction of XML External Entity Reference)
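The root cause named in the analysis and vulnerability details above (an XML-processing routine that leaves DTD parsing and external entity resolution enabled) is shown below as an added C# example. This is not Rockwell Automation's code and does not reproduce the affected DLL; the class, method and file names are assumptions, and the sample solution file is constructed. It places the weak loading pattern beside a hardened loader and a pre-parse DOCTYPE check that a defender can use as an alert signal.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example (not Rockwell Automation's code): the XML-loading pattern that
// CWE-611 describes next to a hardened loader. Names below are assumptions.
public static class SolutionXmlLoader
{
    // WEAK: XmlTextReader defaults to DtdProcessing.Parse, and on .NET Framework
    // releases before 4.5.2 XmlDocument.XmlResolver defaults to an XmlUrlResolver.
    // A solution file whose DOCTYPE declares a SYSTEM entity is therefore resolved,
    // which is the primitive behind reading local files and sending them elsewhere.
    public static XmlDocument LoadUnsafe(string path)
    {
        var reader = new XmlTextReader(path);
        var doc = new XmlDocument();
        doc.Load(reader);
        return doc;
    }

    // HARDENED: refuse DTDs outright and remove the resolver, so no entity or
    // external DTD can be fetched over file:// or http:// whatever the runtime.
    public static XmlDocument LoadHardened(string path)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // <!DOCTYPE ...> raises XmlException
            XmlResolver = null                      // nothing is fetched even if a DTD slipped through
        };
        using (var reader = XmlReader.Create(path, settings))
        {
            var doc = new XmlDocument { XmlResolver = null };
            doc.Load(reader);
            return doc;
        }
    }

    // Detection aid for a file-open hook or a content scanner: a solution file has
    // no legitimate need for a DOCTYPE, so its presence is worth logging before any parse.
    public static bool HasDoctype(string path)
    {
        var text = File.ReadAllText(path);
        return text.IndexOf("<!DOCTYPE", StringComparison.OrdinalIgnoreCase) >= 0;
    }

    public static void Main()
    {
        // Constructed sample: a DOCTYPE declaring an external entity against a
        // placeholder path. The hardened loader rejects it before anything is resolved.
        string sample =
            "<?xml version=\"1.0\"?>\n" +
            "<!DOCTYPE solution [<!ENTITY ext SYSTEM \"file:///PLACEHOLDER_PATH\">]>\n" +
            "<solution name=\"demo\">&ext;</solution>";
        string path = Path.Combine(Path.GetTempPath(), "sample-solution.xml"); // constructed file name
        File.WriteAllText(path, sample);

        Console.WriteLine($"DOCTYPE present: {HasDoctype(path)}");

        try
        {
            LoadHardened(path);
            Console.WriteLine("loaded: no DTD in file");
        }
        catch (XmlException ex)
        {
            Console.WriteLine($"rejected by hardened loader: {ex.Message}");
        }
    }
}
```

`XmlReader.Create` already defaults `DtdProcessing` to `Prohibit`, so the weak pattern in practice is usually an `XmlTextReader`, or `XmlDocument.Load(path)` on a runtime whose default resolver is still `XmlUrlResolver`; setting both `DtdProcessing.Prohibit` and `XmlResolver = null` explicitly removes the dependency on framework defaults. The `HasDoctype` check is a detection aid only and does not replace the hardened parser settings.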
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.