
Rockwell Automation has issued a critical security advisory affecting the FactoryTalk Historian-ThingWorx Connector, due to a third-party vulnerability in the Apache log4net logging framework. The vulnerability, tracked as CVE-2018-1285, stems from improperly configured XML parsing and could allow attackers to carry out XML External Entity (XXE) attacks.
The flaw lies in older versions of log4net (prior to 2.0.10), which fail to disable XML external entity processing while parsing configuration files.
With a CVSS base score of 9.8, this vulnerability poses a severe risk to industrial automation environments, particularly where logging configurations can be supplied or manipulated by an untrusted party.
“Consequently, a threat actor could exploit this to launch XXE-based attacks on applications that accept malicious log4net configuration files,” Rockwell Automation warned.
While the issue is not currently listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, its critical rating underlines the urgency for remediation.
The following product is impacted:

| Affected Product | First Known in software version | Corrected in software version |
|---|---|---|
| 95057C-FTHTWXCT11 | v5.00.00 and later | |
Rockwell Automation recommends updating to the latest corrected version where possible. For environments where immediate upgrading is not feasible, organizations should:
- Validate the integrity and source of log4net configuration files before they are loaded.
- Isolate vulnerable systems where possible.
- Apply least-privilege principles and network segmentation to limit exploitation vectors.
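The flaw described above comes down to one parser setting: whether the XML reader that loads a log4net configuration is allowed to process DTDs and resolve external entities. The following C# example is added here to illustrate the hardened form; it is not Rockwell's code, not log4net's own fix, and it uses a constructed sample configuration with a hypothetical DTD URL. It also serves the first mitigation bullet, since an application that loads configuration this way rejects any file that declares a DOCTYPE, regardless of where the file came from.

```csharp
using System;
using System.IO;
using System.Xml;

// Added illustration (not Rockwell's or log4net's code): loading a log4net-style
// XML configuration so that no DTD or external entity is ever processed, which is
// the parser behaviour an XXE attack against configuration parsing relies on.
public static class HardenedConfigLoader
{
    // Constructed sample: an otherwise ordinary log4net config that also references
    // an external DTD. The URL is a placeholder and is never fetched by this loader.
    public const string ConfigReferencingDtd =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE log4net SYSTEM \"http://example.invalid/hypothetical.dtd\">\n" +
        "<log4net><root><level value=\"INFO\" /></root></log4net>";

    // Constructed sample: the same config without any DTD, which must still load.
    public const string PlainConfig =
        "<?xml version=\"1.0\"?>\n" +
        "<log4net><root><level value=\"INFO\" /></root></log4net>";

    // Reader settings that close the XXE door: any <!DOCTYPE> makes the reader throw,
    // and with no resolver there is nothing that could fetch an external URI.
    private static XmlReaderSettings HardenedSettings()
    {
        return new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };
    }

    // Returns the parsed document, or null (with a reason) if the config was rejected.
    public static XmlDocument TryLoad(string xmlText, out string rejectionReason)
    {
        rejectionReason = null;
        try
        {
            using (var textReader = new StringReader(xmlText))
            using (var xmlReader = XmlReader.Create(textReader, HardenedSettings()))
            {
                // XmlDocument carries its own resolver; null it as well so the DOM
                // layer cannot fetch anything even if a DTD somehow reached it.
                var doc = new XmlDocument { XmlResolver = null };
                doc.Load(xmlReader);
                return doc;
            }
        }
        catch (XmlException ex)
        {
            rejectionReason = ex.Message;
            return null;
        }
    }

    public static void Main()
    {
        string reason;

        var rejected = TryLoad(ConfigReferencingDtd, out reason);
        Console.WriteLine(rejected == null
            ? "Config declaring a DTD was rejected: " + reason
            : "Unexpected: config declaring a DTD was accepted");

        var accepted = TryLoad(PlainConfig, out reason);
        var level = accepted?.SelectSingleNode("/log4net/root/level/@value")?.Value;
        Console.WriteLine("Plain config accepted, root logger level = " + level);
    }
}
```

The two settings matter together: `DtdProcessing.Prohibit` fails the parse as soon as a DOCTYPE appears, and a null `XmlResolver` guarantees that even a reader which tolerates DTDs has no way to reach a file or network resource. Legacy .NET code paths that load configuration through `XmlTextReader` or `XmlDocument.Load(string)` do not apply these restrictions by default, which is why a configuration file from an untrusted source is dangerous to a library that has not hardened its loader; log4net 2.0.10 and later, per the advisory, no longer exhibit the issue.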