New Tool: ProSource
Checkout our packaging and processing solutions finder, ProSource.

Rockwell Reveals 10 Vulnerabilities in 3 Popular Products

Users are urged to implement best practices to mitigate the potential risks with FactoryTalk, PowerFlex and Arena Simulation.

Company issues three security advisories highlighting 10 vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation products
Company issues three security advisories highlighting 10 vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation products

Rockwell Automation recently issued three security advisories highlighting 10 vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation products. The US Cybersecurity and Infrastructure Security Agency (CISA) has also echoed these advisories to inform organizations about the identified vulnerabilities within the industrial automation company's offerings.

Among the disclosed vulnerabilities, one advisory focused on six flaws within the Arena Simulation software. These included five high-severity arbitrary code execution vulnerabilities and one medium-severity information disclosure and denial-of-service (DoS) issue. Each vulnerability necessitates the user to open a malicious file to exploit it. Rockwell Automation credited the discovery of these vulnerabilities to ICS cybersecurity researcher Michael Heinzl, who is recognized for reporting critical vulnerabilities that often involve manipulating specifically crafted files. Heinzl's advisories elaborated on the exploitation methods involving customized DOE files reported to the vendor through CISA in November 2023.

In another advisory, Rockwell Automation addressed three high-severity vulnerabilities in its PowerFlex product, which are susceptible to DoS attacks. While patches for these vulnerabilities are pending, the vendor recommends customers implement mitigations and adhere to security best practices to mitigate the risk.

The third advisory highlighted a medium-severity security issue identified during internal testing of the FactoryTalk View ME product. Updates have been released to address this vulnerability, which could allow a malicious user to remotely restart the PanelView Plus 7 terminal without security safeguards, resulting in loss of control or visibility over the PanelView product.

“A vulnerability exists in the affected product that allows a malicious user to restart the PanelView Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView product,” the company explained.         

How Can You Honor a Leader?
Induction into the Packaging & Processing Hall of Fame is the highest honor in our industry. Submit your leader to be considered for the Class of 2024 now through June 10th. New members will be inducted at PACK EXPO International in Chicago
Read More
How Can You Honor a Leader?
New ebook focused on cartoning equipment
Read about the various types of cartoning equipment, how to select the right one, and common pitfalls to avoid. Plus, read equipment advice from CPGs for ultimate cartoning success.
Read More
New ebook focused on cartoning equipment