PatchSiren cyber security CVE debrief
CVE-2023-31102 Rockwell Automation CVE debrief
CVE-2023-31102 is a high-severity vulnerability in Rockwell Automation AADvance Trusted SIS Workstation software, published on September 12, 2024. The vulnerability stems from an integer underflow in 7-Zip's handling of 7Z archive files, which can lead to arbitrary code execution when a user opens a malicious archive. The CVSS 3.1 score of 7.8 reflects high impacts to confidentiality, integrity, and availability, with a local attack vector requiring user interaction. Rockwell Automation has released version 2.00.02 to address this issue. Users unable to upgrade should avoid opening archives from untrusted sources and follow established ICS security best practices.
- Vendor: Rockwell Automation
- Product: AADvance Trusted SIS Workstation
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-12
- Original CVE updated: 2024-09-12
- Advisory published: 2024-09-12
- Advisory updated: 2024-09-12
Who should care
Industrial control system operators, OT security teams, and engineers who use Rockwell Automation AADvance Trusted SIS Workstation for safety instrumented system engineering and maintenance.
Technical summary
An integer underflow vulnerability in 7-Zip's 7Z file parser allows remote attackers to execute arbitrary code in the context of the current process. The flaw occurs due to improper validation of user-supplied data, leading to memory corruption. Exploitation requires user interaction—specifically, opening a malicious 7Z archive file. The vulnerability affects AADvance Trusted SIS Workstation versions 2.00.01 and earlier, which bundle the vulnerable 7-Zip component.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade AADvance Trusted SIS Workstation to version 2.00.02 or later
- Avoid archiving or restoring projects from unknown or untrusted sources
- Implement ICS security best practices including network segmentation and least privilege access
- Review and apply Rockwell Automation security advisories for additional guidance
Evidence notes
CVE published 2024-09-12 per CISA CSAF advisory ICSA-24-256-20. Affected product: AADvance Trusted SIS Workstation <=2.00.01. Root cause: integer underflow in 7-Zip 7Z file parsing due to insufficient input validation.
Official resources
- CVE-2023-31102 CVE record (CVE.org)
- CVE-2023-31102 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-09-12