July 4, 2024 at 06:37AM Microsoft has disclosed two security vulnerabilities in Rockwell Automation PanelView Plus, which could be exploited by remote attackers for remote code execution and denial-of-service (DoS) attacks. These flaws are tracked as CVE-2023-2071 and CVE-2023-29464, impacting FactoryTalk View Machine Edition and FactoryTalk Linx. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) … Read more
June 14, 2024 at 06:39AM Rockwell Automation has addressed three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software, including an authentication issue and a local privilege escalation vulnerability. These flaws have been patched in version 14, with advisories published by both Rockwell and CISA. Additionally, a vulnerability affecting certain controllers has also … Read more
May 22, 2024 at 08:42AM Rockwell Automation urges customers to disconnect industrial control systems not meant for public internet access due to heightened geopolitical tensions and cyber threats. The U.S. Cybersecurity and Infrastructure Security Agency supports this action, warning of malicious actors targeting operational technology assets. Research also highlights the susceptibility of PLCs to web-based … Read more
May 15, 2024 at 06:36AM Major industrial control systems providers, including Siemens, Rockwell Automation, Mitsubishi Electric, and Johnson Controls, have issued Patch Tuesday advisories addressing vulnerabilities in their products. Siemens has published 15 advisories, addressing critical vulnerabilities in various products, while Rockwell Automation and Mitsubishi Electric also reported high-severity vulnerabilities. CISA has informed organizations about … Read more
March 27, 2024 at 08:48AM Rockwell Automation released three security advisories identifying a total of 10 vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation software. CISA also issued advisories to organizations, warning about these vulnerabilities. The flaws include high-severity code execution vulnerabilities and one security issue without patches. Exploitation requires user interaction. Stephen Ford has … Read more
March 13, 2024 at 12:45PM Stephen Ford has joined Rockwell Automation as VP and Chief Information Security Officer. With prior experience at McKesson Corporation, HP, and academic institutions, Ford holds a bachelor’s degree in computer science, an MBA from Prairie View A&M University, and a master’s degree from Harvard University. He will report to Chris … Read more
November 7, 2023 at 05:24AM October 2023 saw a total of 31 cybersecurity-related merger and acquisition (M&A) deals. Some notable acquisitions include Arctic Wolf’s acquisition of Revelstoke to enhance its security orchestration, automation, and response (SOAR) capabilities, and Okta’s acquisition of Uno to accelerate the release of its consumer password manager. Other acquisitions were made … Read more
October 24, 2023 at 03:03PM Rockwell Automation has issued a warning to customers that its Stratix industrial switches are vulnerable to an actively exploited Cisco IOS XE zero-day vulnerability. Hackers have been taking advantage of this vulnerability to create high-privileged accounts and gain complete control of affected devices. Rockwell has confirmed that its Stratix 5800 … Read more