Today, CISA announced that it had added an insufficiently protected credentials vulnerability in multiple Rockwell Automation products to CISA’s Known Exploited Vulnerabilities Catalog. Rockwell previously disclosed the vulnerability in February 2021, and most recently updated that advisory in July 2022. Today, they updated their advisory to report the KEV designation. The vulnerability was originally reported to Rockwell by Claroty Team 82.
CISA has ordered federal agencies utilizing the affected product to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” A deadline of March 26th, 2026 has been provided.