Rockwell Automation has released critical patches to fix several vulnerabilities identified in its industrial control systems (ICS) and software products. These updates, announced on Tuesday, target flaws in Logix and CompactLogix controllers, among other systems, ensuring enhanced security for users.
FactoryTalk Vulnerabilities Addressed
Significant vulnerabilities in the FactoryTalk Historian Site Edition have been rectified, including issues that allowed attackers to bypass authentication and execute denial-of-service (DoS) attacks. These high and critical-severity vulnerabilities posed serious risks to industrial operations.
Additionally, a high-severity issue within the FactoryTalk Analytics PavilionX product has been patched. This flaw, related to improper API authorization, could have permitted unauthorized users to perform privileged operations, potentially affecting user and role management.
Controller Flaws and Solutions
Critical updates have also been applied to CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix controllers. A high-severity DoS vulnerability was identified, which could trigger a major fault requiring specialized recovery procedures. Moreover, several CompactLogix models were vulnerable to additional DoS attacks.
The Flex I/O dual-port Ethernet/IP adapters were susceptible to an unpatched DoS flaw and a critical vulnerability that could enable unauthorized password changes, leading to potential account takeovers.
Third-Party Component Issues in RSLinx
In the RSLinx industrial communication software, Rockwell addressed a longstanding DoS vulnerability linked to a third-party component. This fix is part of the broader effort to secure its software suite against potential cyber threats.
Though the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disseminated Rockwell’s advisories, it did not issue a separate notice regarding the FactoryTalk Historian vulnerabilities. Despite these updates, Rockwell assured that the latest vulnerabilities have not been exploited in the wild.
While previous issues like CVE-2021-22681 have seen real-world exploitation, the current patches aim to preemptively fortify Rockwell’s systems against similar threats. This proactive approach underscores the company’s commitment to industrial cybersecurity.
