PatchSiren cyber security CVE debrief
CVE-2023-40481 7-Zip CVE debrief
CVE-2023-40481 is a high-severity vulnerability affecting Rockwell Automation AADvance Trusted SIS Workstation, published on September 12, 2024. The vulnerability stems from an out-of-bounds write in 7-Zip's SquashFS (SQFS) file parsing functionality, which can be exploited for remote code execution when a user opens a malicious archive or visits a malicious page. The CVSS 3.1 score of 7.8 reflects high impacts to confidentiality, integrity, and availability, with a local attack vector requiring user interaction. Rockwell Automation has released version 2.00.02 to address this issue. Users unable to upgrade should avoid archiving or restoring projects from unknown sources and follow established ICS security best practices.
- Vendor: 7-Zip
- Product: AADvance Trusted SIS Workstation
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-12
- Original CVE updated: 2024-09-12
- Advisory published: 2024-09-12
- Advisory updated: 2024-09-12
Who should care
Organizations operating Rockwell Automation AADvance Trusted SIS Workstations in industrial safety instrumented systems (SIS) environments. OT security teams, ICS engineers, and plant operators responsible for maintaining safety system integrity should prioritize this patch due to the potential for remote code execution in critical safety infrastructure.
Technical summary
The vulnerability exists in 7-Zip's SquashFS file parser due to insufficient validation of user-supplied data during SQFS analysis. A malformed archive can trigger a write operation beyond allocated buffer boundaries, enabling arbitrary code execution in the context of the current process. Exploitation requires user interaction through opening a malicious file or visiting a malicious page. The vulnerability affects AADvance Trusted SIS Workstation versions 2.00.01 and earlier, which bundle the vulnerable 7-Zip component for archive operations.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade AADvance Trusted SIS Workstation to version 2.00.02 or later to remediate the 7-Zip SquashFS parsing vulnerability.
- If immediate patching is not feasible, avoid archiving or restoring projects from unknown or untrusted sources.
- Implement ICS security best practices including network segmentation, least privilege access, and monitoring for suspicious file activity.
- Review and apply Rockwell Automation's published security guidance for industrial control systems.
Evidence notes
CVE published and modified 2024-09-12 per CISA CSAF advisory ICSA-24-256-20. Affected product: AADvance Trusted SIS Workstation versions <=2.00.01. Vendor fix available in version 2.00.02 or later.
Official resources
- CVE-2023-40481 CVE record (CVE.org)
- CVE-2023-40481 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-09-12