Rockwell Automation Patches Critical ICS Controller and Software Vulnerabilities
Rockwell Automation has released security updates to address multiple vulnerabilities in its industrial control systems and software.
Security Updates Released
Rockwell Automation announced on Tuesday that security updates have been released to address multiple vulnerabilities impacting its Logix and CompactLogix controllers, Flex I/O dual-port EtherNet/IP adapters, RSLinx industrial communication software, and the FactoryTalk automation platform. The updates resolve issues across various products, including critical flaws that could enable unauthorized access, system disruption, and compromise of administrative control.
FactoryTalk Historian Site Edition Vulnerabilities
The FactoryTalk Historian Site Edition received patches for three high- and critical-severity vulnerabilities. These flaws could allow attackers to bypass authentication and carry out denial-of-service (DoS) attacks, disrupting operational continuity.
FactoryTalk Analytics PavilionX Flaw
The FactoryTalk Analytics PavilionX product was found to have a high-severity flaw involving improper API authorization. This vulnerability could enable unauthenticated users to perform privileged actions, such as modifying user roles and administrative configurations.
Controller DoS Vulnerabilities
Several CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix controllers were updated to resolve a high-severity DoS vulnerability. Exploitation of this flaw could trigger non-recoverable system faults, requiring specialized recovery procedures. Two additional DoS vulnerabilities were identified in certain CompactLogix controllers, further highlighting risks to industrial control systems.
Flex I/O Adapter Vulnerabilities
The Flex I/O dual-port EtherNet/IP adapters received fixes for a DoS vulnerability and a critical flaw that allows unauthenticated attackers to change the password of the device's web interface. The latter could lead to unauthorized access and full account takeover.
RSLinx DoS Vulnerability
The RSLinx product received a fix for a long-standing DoS vulnerability tied to a third-party component.
CISA Advisory and Active Exploitation
While the U.S. Cybersecurity and Infrastructure Security Agency (CISA) distributed the advisories, it did not issue a separate notice for the FactoryTalk Historian vulnerabilities. Rockwell Automation confirmed that an older vulnerability, tracked as CVE-2021-22681, has been actively exploited in the wild. However, the newly patched flaws have not yet been linked to threat actor activity.
Rockwell Automation emphasized the importance of applying the updates to mitigate potential risks, particularly for systems reliant on industrial control components. Organizations using affected products are advised to review the patches and implement them promptly to prevent exploitation.
