CVE Tools
Back to feed
SecurityWeek ·EN-US News source Patch releasedLogixCompactLogixControlLogix

Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software

By Eduard Kovacs··1 min read
CVE Tools coverage

Rockwell Automation has released security updates for vulnerabilities in several ICS products, including Logix and CompactLogix controllers, Flex I/O dual-port Ethernet/IP adapters, RSLinx, and the FactoryTalk automation suite. The advisories address issues such as authentication bypass and denial-of-service risks in FactoryTalk Historian Site Edition (CVE IDs not specified in the article), improper API authorization in FactoryTalk Analytics PavilionX, multiple DoS flaws in certain CompactLogix/ControlLogix and GuardLogix controllers (including CVE IDs not specified), and a critical adapter weakness that could let an unauthenticated attacker reset a web interface password. While Rockwell noted in-the-wild exploitation of an older issue tracked as CVE-2021-22681, the article says the newly patched vulnerabilities have not yet been targeted by threat actors.