PatchSiren cyber security CVE debrief
CVE-2019-9893 Rockwell Automation CVE debrief
This CVE describes a vulnerability in libseccomp versions 2.4.0 and earlier, which is used by Rockwell Automation DataMosaix Private Cloud versions 7.07 and earlier. The library generates incorrect 64-bit syscall argument comparisons when the arithmetic operators (LT, GT, LE, GE) are used, which could allow seccomp filters to be bypassed and, potentially, privileges to be escalated. If exploited, this vulnerability could enable remote code execution. The issue was addressed in DataMosaix Private Cloud version 7.09.
- Vendor: Rockwell Automation
- Product: DataMosaix Private Cloud
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-10-10
- Original CVE updated: 2024-10-10
- Advisory published: 2024-10-10
- Advisory updated: 2024-10-10
Who should care
Organizations operating Rockwell Automation DataMosaix Private Cloud versions 7.07 or earlier, particularly those in industrial and manufacturing environments where this platform is deployed. Security teams responsible for ICS/OT infrastructure, system administrators managing DataMosaix deployments, and compliance officers overseeing critical infrastructure protection should prioritize this update.
Technical summary
The vulnerability exists in libseccomp versions 2.4.0 and earlier, a library used by DataMosaix Private Cloud for system call filtering. When generating BPF (Berkeley Packet Filter) code for 64-bit syscall argument comparisons using arithmetic operators (less than, greater than, less than or equal, greater than or equal), the library produces incorrect comparisons. This flaw can be exploited to bypass seccomp-based sandbox restrictions, potentially allowing an attacker to execute arbitrary code with elevated privileges. The network-accessible nature of the affected product combined with the low complexity of exploitation contributes to the critical severity rating.
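The operator classes named above can be checked against a model of how a 64-bit comparison must be split for a 32-bit BPF comparator. This is an added example, not libseccomp or Rockwell code: `cmp64_naive` is a hypothetical unsound composition included only for contrast, and all function names and sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Classic BPF compares 32-bit words, so a 64-bit argument is tested in halves. */
enum op { OP_LT, OP_LE, OP_GT, OP_GE };

static bool cmp32(enum op o, uint32_t a, uint32_t b) {
    return o == OP_LT ? a < b : o == OP_LE ? a <= b : o == OP_GT ? a > b : a >= b;
}

/* Sound composition: the high words decide unless they are equal. */
bool cmp64_split(enum op o, uint64_t arg, uint64_t datum) {
    uint32_t ah = (uint32_t)(arg >> 32), dh = (uint32_t)(datum >> 32);
    if (ah != dh)
        return (o == OP_LT || o == OP_LE) ? ah < dh : ah > dh;
    return cmp32(o, (uint32_t)arg, (uint32_t)datum);
}

/* Hypothetical unsound composition (illustration only, not libseccomp's code):
 * the operator is applied to each half independently and the results ANDed. */
bool cmp64_naive(enum op o, uint64_t arg, uint64_t datum) {
    return cmp32(o, (uint32_t)(arg >> 32), (uint32_t)(datum >> 32)) &&
           cmp32(o, (uint32_t)arg, (uint32_t)datum);
}

/* Count disagreements with native 64-bit comparison over constructed samples. */
int count_mismatches(bool (*f)(enum op, uint64_t, uint64_t)) {
    static const uint64_t v[] = { 0, 1, 0xFFFFFFFFull, 0x100000000ull,
        0x1FFFFFFFFull, 0x200000000ull, 0x7FFFFFFFFFFFFFFFull, UINT64_MAX };
    const size_t n = sizeof v / sizeof v[0];
    int bad = 0;
    for (int o = OP_LT; o <= OP_GE; o++)
        for (size_t i = 0; i < n; i++)
            for (size_t j = 0; j < n; j++) {
                bool want = o == OP_LT ? v[i] < v[j] : o == OP_LE ? v[i] <= v[j]
                          : o == OP_GT ? v[i] > v[j] : v[i] >= v[j];
                bad += f((enum op)o, v[i], v[j]) != want;
            }
    return bad;
}

int main(void) {
    printf("split: %d mismatches, naive: %d mismatches\n",
           count_mismatches(cmp64_split), count_mismatches(cmp64_naive));
    return 0;
}
```

A filter rule evaluated with an unsound composition returns the wrong match result for boundary values that straddle the 32-bit word, which is why rules using these four operators on 64-bit arguments are the ones to re-test after upgrading.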
Defensive priority
CRITICAL
Recommended defensive actions
- Upgrade to DataMosaix Private Cloud version 7.09 or later to address the libseccomp vulnerability
- Apply security best practices as recommended by Rockwell Automation to minimize exploitation risk
- Review and implement CISA ICS recommended practices for industrial control systems defense
- Monitor for anomalous system behavior that may indicate seccomp filter bypass attempts
- Ensure proper network segmentation for DataMosaix Private Cloud deployments to limit attack surface
Evidence notes
The vulnerability stems from libseccomp's improper handling of 64-bit syscall argument comparisons with arithmetic operators. This affects the sandboxing capabilities of seccomp, potentially allowing malicious actors to circumvent security restrictions. The CVSS 3.1 score of 9.8 reflects critical severity due to network attack vector, low attack complexity, no required privileges, and high impact on confidentiality, integrity, and availability.
Official resources
- CVE-2019-9893 CVE record (CVE.org)
- CVE-2019-9893 NVD detail (NVD)
- Source item URL (cisa_csaf)