PT-2022-4135 · Unknown · Connected Components Workbench+2

Kimiya · Published 2022-03-17 · Updated 2022-04-12 · CVE-2022-1018

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Connected Components Workbench (CCW) (affected versions not specified)
Safety Instrumented Systems Workstation (SISW) (affected versions not specified)
ISaGRAF Workbench (affected versions not specified)

Description

The issue is an XML external entity (XXE) vulnerability caused by an unsafe call within a dynamic link library file. An attacker could exploit it by providing a malicious solution file, potentially leading to a loss of confidentiality by passing data from local files to a remote web server. The vulnerability is associated with incorrect restriction of XML external entity references.

Recommendations

For Connected Components Workbench (CCW), consider disabling the dynamic link library file that contains the unsafe call until a patch is available.
For Safety Instrumented Systems Workstation (SISW), restrict access to the library file that is vulnerable to XML external entity attacks to minimize the risk of exploitation.
For ISaGRAF Workbench, avoid opening malicious solution files from untrusted sources until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
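One way to support the "do not open untrusted solution files" recommendation is to triage a file for DTD constructs before it reaches the workbench. The script below is an added example, not vendor code or part of the original advisory; it assumes the solution file is XML that legitimately needs no DOCTYPE, and the names `decode_xml`, `triage`, `SAMPLE` and the encoding allow-list are hypothetical.

```python
import codecs
import re

# UTF-32 BOMs are tested first: the UTF-32-LE BOM begins with the UTF-16-LE one.
_BOMS = [(codecs.BOM_UTF32_LE, "utf-32"), (codecs.BOM_UTF32_BE, "utf-32"),
         (codecs.BOM_UTF8, "utf-8-sig"),
         (codecs.BOM_UTF16_LE, "utf-16"), (codecs.BOM_UTF16_BE, "utf-16")]
_EXPECTED = {"utf-8", "utf-16", "us-ascii", "ascii"}  # assumed allow-list
_DECL_ENC = re.compile(r"""<\?xml[^>]*?encoding\s*=\s*["']([A-Za-z0-9._-]+)""")
_DOCTYPE = re.compile(r"<!DOCTYPE\b", re.I)
_EXT_DTD = re.compile(r"<!DOCTYPE\s+[^\s\[>]+\s+(?:SYSTEM|PUBLIC)\b", re.I)
_ENTITY = re.compile(r"<!ENTITY\s+(%\s+)?[^\s>]+\s+(SYSTEM|PUBLIC)?", re.I)

# Constructed sample: BOM-less UTF-16-LE XML declaring an external entity.
SAMPLE = ('<?xml version="1.0" encoding="UTF-16"?>'
          '<!DOCTYPE p [<!ENTITY e SYSTEM "http://example.invalid/x">]><p>&e;</p>'
          ).encode("utf-16-le")


def decode_xml(data: bytes) -> str:
    """Decode by BOM, then by the NUL pattern of BOM-less UTF-16, else UTF-8."""
    for bom, enc in _BOMS:
        if data.startswith(bom):
            return data.decode(enc, errors="replace")
    if data[1:2] == b"\x00":
        return data.decode("utf-16-le", errors="replace")
    if data[:1] == b"\x00":
        return data.decode("utf-16-be", errors="replace")
    return data.decode("utf-8", errors="replace")


def triage(data: bytes) -> list[str]:
    """Return sorted findings; an empty list means no DTD construct was seen."""
    # Comments are not skipped on purpose: flagging a commented-out DOCTYPE is
    # cheaper than trusting a regex comment-stripper that input can confuse.
    text = decode_xml(data)
    found = set()
    enc = _DECL_ENC.search(text[:200])
    if enc and enc.group(1).lower() not in _EXPECTED:
        found.add("unusual-encoding:" + enc.group(1).lower())
    for name, rx in (("doctype", _DOCTYPE), ("external-dtd", _EXT_DTD)):
        if rx.search(text):
            found.add(name)
    for m in _ENTITY.finditer(text):
        if m.group(1):
            found.add("parameter-entity")
        if m.group(2):
            found.add("external-entity")
    return sorted(found)
```

Any non-empty result is a reason to quarantine the file for review rather than open it; an empty result only means none of these markers were found, not that the file is safe.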

XXE


Weakness Enumeration

Related Identifiers

BDU:2022-04976
CVE-2022-1018

Affected Products

Connected Components Workbench
ISaGRAF Workbench
Safety Instrumented Systems Workstation