Tuesday, June 16, 2026

Review – 5 Advisories Published – 6-16-26

Today, CISA’s NCCIC-ICS published five control system security advisories for products from Rockwell Automation. 

Advisories  

Flex IO Advisory - This advisory describes two vulnerabilities in the Rockwell FLEX I/O EtherNet/IP Adapters.  

CompactLogix Advisory - This advisory describes two vulnerabilities in the Rockwell CompactLogix products. 

Logix 5370 Advisory - This advisory describes an improper resource shutdown or release vulnerability in the Rockwell Logix 5370 & 5570 Controllers. 

RSLinx Advisory - This advisory describes an improper restriction of operations within the bounds of a memory buffer vulnerability (with publicly available exploit) in the Rockwell RSLinx Classic server.

FactoryTalk Advisory - This advisory describes a missing authorization vulnerability in the Rockwell FactoryTalk Analytics PavilionX. 


For more information on these advisories, including a down-the-rabbit-hole look at the RSLinx vulnerability, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-published-6-16-26 - subscription required. 
