March 27, 2024 at 08:48AM
Rockwell Automation released three security advisories identifying a total of 10 vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation software. CISA also issued advisories to organizations, warning about these vulnerabilities. The flaws include high-severity code execution vulnerabilities and one security issue without patches. Exploitation requires user interaction. Stephen Ford has recently been appointed as the company’s CISO.
Based on the meeting notes, here are the key takeaways:
1. Rockwell Automation released three security advisories covering a total of 10 vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation products.
2. CISA also issued advisories regarding these vulnerabilities to inform organizations.
3. The Arena Simulation software had six flaws, including five high-severity arbitrary code execution vulnerabilities and one medium-severity information disclosure and denial-of-service issue. Exploiting these vulnerabilities requires convincing a user to open a malicious file. The vulnerabilities were reported by researcher Michael Heinzl, who posted his own advisories about the findings on his personal website.
4. The PowerFlex product has three high-severity vulnerabilities that can be exploited for DoS attacks. No patches have been released, and customers are advised to apply mitigations and security best practices.
5. A medium-severity security issue was discovered in the FactoryTalk View ME product, for which software updates have been released to patch the vulnerability.
6. Rockwell Automation welcomed Stephen Ford as the new vice president and chief information security officer (CISO).
7. Additionally, some related articles were mentioned: “Rockwell Automation Warns Customers of Cisco Zero-Day Affecting Stratix Switches,” “Rockwell ThinManager Vulnerabilities Could Expose Industrial HMIs to Attacks,” and “APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure.”
Let me know if you need more information or specific details about any of the topics mentioned.