May 22, 2024 at 09:57AM
Rockwell Automation urges customers to secure industrial control systems from internet exposure. A Shodan search reveals 7,000+ connected items. The company cautions against public internet connectivity for devices that were not designed for it. The notice points to recent vulnerabilities and the potential for cyber attacks due to global tensions. CISA has also raised awareness of Rockwell’s notice.
Rockwell Automation has issued a high-priority security notice to its customers. The company is urging customers to take immediate action to ensure that their industrial control systems (ICS) are not connected to the internet and exposed to cyber threats. This urgent advisory is in response to heightened geopolitical tensions and adversarial cyber activity globally.
Rockwell Automation has highlighted several vulnerabilities found and patched in recent years, including CVE-2021-22681, CVE-2022-1159, CVE-2023-3595, CVE-2023-3596, CVE-2023-46290, CVE-2024-21914, CVE-2024-21915, and CVE-2024-21917. These flaws can potentially lead to DoS attacks, privilege escalation, modification of settings, remote compromise of PLCs, and even Stuxnet-style attacks.
The security notice also mentions that threat actors, particularly APT groups, have attempted to exploit Rockwell product vulnerabilities, as evidenced by the discovery of exploits targeting CVE-2023-3595 and CVE-2023-3596. However, there are no confirmed reports of actual attacks.
The US cybersecurity agency CISA has also posted an alert to bring attention to Rockwell’s notice. This recent development suggests a high level of concern regarding potential cyber threats targeting Rockwell industrial products.
Overall, Rockwell Automation’s guidance emphasizes the importance of removing any connectivity to the public-facing internet for devices not specifically designed for public internet connectivity. This proactive step can help reduce the attack surface and minimize exposure to unauthorized and malicious cyber activity from external threat actors. Additionally, the advisory links to relevant resources, including guidance and best practices for addressing these security concerns.