Rockwell Products Impacted by Chromium Type Confusion

CVSS 4.0 MEDIUM CISA KEV — Known Exploited

Risk Summary

Successful exploitation of this vulnerability could cause a denial-of-service condition.

CVE-2022-1096

Users currently utilizing the FactoryTalk View Site Edition should avoid using the web browser control if it is not required for the intended use of the product.
Users currently utilizing the FactoryTalk View Site Edition web browser can manually download and apply the updated version of WebView2 by performing these recommended actions:
Replace the Microsoft WebView2 file in the C:\Program Files (x86)\Rockwell Software\RS View Enterprise\Microsoft.WebView2.FixedVersionRuntime directory by copying and pasting the new version of the software into the folder.
Users should be sure to not remove the contents of the folder before pasting the new file.
Users currently utilizing Enhanced HIM (eHIM) for Power Flex 6000T drives should perform the following recommended actions to address the vulnerability:
Update the Microsoft Edge browser to Version 99.0.1150 or later.
Apply the update for eHIM when made available.
If applying the mitigations noted above is not feasible, then see Rockwell Automation's Knowledgebase article, Security Best Practices (login required), for additional recommendations for maintaining adequate environment security posture.

Rockwell Automation

Rockwell Automation · Connected Components Workbench software 11 | 12 | 13 | 20

Rockwell Automation · Enhanced HIM (eHIM) for PowerFlex 6000T 1.001

Rockwell Automation · FactoryTalk Linx Enterprise software 6.20 | 6.21 | 6.30

Rockwell Automation · FactoryTalk View Site Edition 13

Multiple

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.