Rockwell Automation Logix Designer Studio 5000 (ICSA-20-191-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an improper restriction of XML external entity reference vulnerability in Rockwell Automation Logix Designer Studio 5000. Versions 32.00, 32.01, and 32.02 are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker to craft a malicious file, which when parsed, could lead to some information disclosure of hostnames or other resources from the program. Rockwell Automation recommends that affected users of the AML or RDF files should not accept files from unknown sources and remain cautious of social engineering attempts that may take advantage of this vulnerability. CISA also recommends a series of measures to mitigate the vulnerabilities. Access the advisory at CISA.