Rockwell Automation Discloses Over a Dozen Product Vulnerabilities to Key Organizations

Rockwell Automation, a global automation company, has disclosed more than a dozen vulnerabilities in its products, according to a report by SecurityWeek. This disclosure was made available to its customers, and some were also distributed by the US Cybersecurity and Infrastructure Security Agency (CISA). These advisories describe vulnerabilities found in Rockwell’s Kinetix 5500 control routers, PanelView 800 graphics terminals, Arena event simulation and automation software, and ThinManager software management platform. One advisory also describes potential weaknesses in FactoryTalk Vantagepoint. The vulnerabilities ranged from having Telnet and FTP ports open by default on Kinetix 5500 control routers to cross-site scripting (XSS) vulnerabilities in ArmorStart ST distributed motor controllers. The advisories provided details on which vulnerabilities the US CISA declared “Known Exploited Vulnerabilities” (KEV).

These advisories were publicized at the same time that US government departments are investigating Rockwell’s operations in China. It was suspected that employees located in Dalian could access information that would allow them to compromise Rockwell’s customer systems. There is concern that these employees may find vulnerabilities in Rockwell software and exploit them in zero-day attacks that target systems in the United States.

The disclosure of vulnerabilities in Rockwell Automation’s products indicates the growing need for cybersecurity vigilance in the industrial control system (ICS) domain. Attackers have been known to weaponize these known vulnerabilities, as evidenced by the Stuxnet worm that targeted industrial control systems in Iranian nuclear facilities in 2010.

To avoid such incidents, experts advise organizations to take several measures, including revisiting their security policies to address vulnerabilities and keeping firmware up to date. It is also crucial to know which vulnerabilities pose a significant risk and to prioritize patching those vulnerabilities. Organizations should encourage their employees to practice good cyber hygiene, such as following secure password protocols and reporting suspicious emails and messages.

As industrial control systems and operational technology increasingly become interconnected, cybersecurity should be considered a business imperative. Manufacturers and their customers need to work together to identify potential dangers, enhance risk management, and build resilience in ICS. Manufacturers should prioritize security in their product design, development, and testing. At the same time, customers must implement robust security controls and practice utmost vigilance to minimize the risks.
