ICS Patch Tuesday: Security Advisories Released by CISA, Schneider, Siemens, Rockwell

November 13, 2024 at 07:21AM

CISA, Schneider Electric, Siemens, and Rockwell Automation have issued security advisories for November 2024’s Patch Tuesday, focusing on vulnerabilities in industrial control systems. The information was reported by SecurityWeek.

**Meeting Takeaways:**

1. **Participants:** CISA, Schneider Electric, Siemens, and Rockwell Automation.
2. **Key Event:** November 2024 Patch Tuesday security advisories have …

Siemens and Rockwell Tackle Industrial Cybersecurity, but Face Customer Hesitation 

November 4, 2024 at 05:07AM

Siemens and Rockwell Automation are enhancing cybersecurity for industrial organizations, yet face challenges in encouraging customers to install security systems and upgrade their Industrial Control Systems (ICS).

**Meeting Takeaways:**

1. **Collaboration on Cybersecurity**: Siemens and Rockwell Automation are actively working together to enhance cybersecurity measures in industrial organizations.
2. **Challenges …

ICS Patch Tuesday: Advisories Released by Siemens, Schneider, Rockwell, Aveva

August 14, 2024 at 04:51AM

Siemens, Schneider Electric, Rockwell Automation, Aveva, and the US cybersecurity agency CISA published ICS security advisories. Siemens addressed 9 advisories covering around 50 vulnerabilities, including critical and high-severity flaws in SINEC NMS. Schneider Electric addressed vulnerabilities in EcoStruxure and Accutech Manager. Aveva published 3 high-severity advisories, while Rockwell Automation addressed …

Rockwell PLC Security Bypass Threatens Manufacturing Processes

August 6, 2024 at 09:05AM

A security vulnerability (CVE-2024-6242, CVSS 8.4) in Rockwell Automation ControlLogix 1756 devices allows remote attackers to send elevated commands, compromising operational technology. The bug bypasses Rockwell’s trusted slot mechanism, enabling unauthorized access to critical infrastructure. To mitigate, apply Rockwell’s patches immediately to affected devices widely used in industrial manufacturing environments. …

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

August 5, 2024 at 02:18AM

A high-severity security bypass vulnerability (CVE-2024-6242, CVSS 8.4) in Rockwell Automation ControlLogix 1756 devices, disclosed by the U.S. Cybersecurity and Infrastructure Security Agency, allows attackers to execute CIP commands, potentially modifying user projects and device configuration. The vulnerability has been addressed in specific device versions after responsible disclosure. Claroty, the …

Security Bypass Vulnerability Found in Rockwell Automation Logix Controllers 

August 2, 2024 at 08:12AM

Rockwell Automation’s Logix programmable logic controllers (PLCs) were found to have a high-severity security bypass vulnerability by Claroty. The flaw, tracked as CVE-2024-6242, impacts ControlLogix 1756 devices and other controllers. Both Rockwell and CISA issued advisories and released patches. Exploitation requires network access to the targeted device, presenting serious implications. …

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

July 4, 2024 at 06:37AM

Microsoft has disclosed two security vulnerabilities in Rockwell Automation PanelView Plus, which could be exploited by remote attackers for remote code execution and denial-of-service (DoS) attacks. These flaws are tracked as CVE-2023-2071 and CVE-2023-29464, impacting FactoryTalk View Machine Edition and FactoryTalk Linx. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) …

Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE

June 14, 2024 at 06:39AM

Rockwell Automation has addressed three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software, including an authentication issue and a local privilege escalation vulnerability. These flaws have been patched in version 14, with advisories published by both Rockwell and CISA. Additionally, a vulnerability affecting certain controllers has also …

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

May 22, 2024 at 08:42AM

Rockwell Automation urges customers to disconnect industrial control systems not meant for public internet access due to heightened geopolitical tensions and cyber threats. The U.S. Cybersecurity and Infrastructure Security Agency supports this action, warning of malicious actors targeting operational technology assets. Research also highlights the susceptibility of PLCs to web-based …

ICS Patch Tuesday: Advisories Published by Siemens, Rockwell, Mitsubishi Electric

May 15, 2024 at 06:36AM

Major industrial control systems providers, including Siemens, Rockwell Automation, Mitsubishi Electric, and Johnson Controls, have issued Patch Tuesday advisories addressing vulnerabilities in their products. Siemens has published 15 advisories, addressing critical vulnerabilities in various products, while Rockwell Automation and Mitsubishi Electric also reported high-severity vulnerabilities. CISA has informed organizations about …