Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software
Rockwell Automation has released security updates for vulnerabilities in several ICS products, including Logix and CompactLogix controllers, Flex I/O dual-port Ethernet/IP adapters, RSLinx, and the FactoryTalk automation suite. The advisories address issues such as authentication bypass and denial-of-service risks in FactoryTalk Historian Site Edition (CVE IDs not specified in the article), improper API authorization in FactoryTalk Analytics PavilionX, multiple DoS flaws in certain CompactLogix/ControlLogix and GuardLogix controllers (including CVE IDs not specified), and a critical adapter weakness that could let an unauthenticated attacker reset a web interface password. While Rockwell noted in-the-wild exploitation of an older issue tracked as CVE-2021-22681, the article says the newly patched vulnerabilities have not yet been targeted by threat actors.