Advisory

Rockwell Automation Patches Over a Dozen Vulnerabilities in Products

Take action: If you use Rockwell Automation products, review the released list of advisories and either patch or restrict the vulnerable functionality (such as exposed Telnet and FTP, which are somehow still a thing in 2023).


Learn More

Rockwell Automation has notified its customers about significant vulnerabilities discovered in multiple products, which have since been patched. During the current week, Rockwell Automation released six new security advisories, four of which were also distributed by the US Cybersecurity and Infrastructure Security Agency (CISA). These advisories outline more than a dozen vulnerabilities.

One of the advisories highlights a critical vulnerability in Kinetix 5500 industrial control routers manufactured between May 2022 and January 2023. These devices, running firmware version 7.13, have Telnet and FTP ports open by default, potentially granting unauthorized access to hackers. The vulnerability, identified as CVE-2023-1834, has been addressed with the release of firmware version 7.14.

Additionally, two critical flaws have been identified in Rockwell Automation's PanelView 800 graphics terminals. These vulnerabilities are associated with the WolfSSL component and could result in a heap buffer overflow. However, only devices with the email feature enabled in the project file are affected, as the feature is disabled by default.

Furthermore, three high-severity buffer overflows, which allow attackers to execute unauthorized code, have been discovered in the Arena event simulation and automation software. Rockwell Automation's ThinManager software management platform is also impacted by a vulnerability related to ciphers. Exploiting this weakness, a malicious actor could decrypt traffic between the client and server API.

One of the advisories published by Rockwell Automation, but not reported by CISA, describes a cross-site request forgery in FactoryTalk Vantagepoint. By tricking the target into clicking on a malicious link, an attacker could impersonate a legitimate user.

Lastly, another advisory informs customers about ten cross-site scripting (XSS) vulnerabilities in certain ArmorStart ST distributed motor controllers. Exploiting these vulnerabilities requires user interaction and could lead to the viewing or modification of sensitive data in the web interface, or render it inaccessible.

It is important to note that none of the vulnerabilities described in the advisories released on Thursday are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
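As an added illustration of the "take action" step above (this is not code from the advisory or from Rockwell Automation), the following triage script applies the affected-device conditions stated in the summary to a constructed asset inventory and optionally probes each host for reachable Telnet/FTP. The exact manufacture-date window, the treatment of any Kinetix firmware below 7.14 as unpatched, and the inventory records themselves are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, List, Optional
import socket

@dataclass
class Device:
    host: str
    product: str
    firmware: str
    manufactured: Optional[date] = None     # only known for some assets
    email_feature_enabled: bool = False     # PanelView 800 project-file setting

# Assumed bounds for "manufactured between May 2022 and January 2023".
KINETIX_WINDOW = (date(2022, 5, 1), date(2023, 1, 31))

def version_tuple(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))

def triage(dev: Device) -> List[str]:
    """Return findings for one device based on the advisory summary's conditions."""
    findings = []
    if dev.product == "Kinetix 5500":
        in_window = dev.manufactured is not None and \
            KINETIX_WINDOW[0] <= dev.manufactured <= KINETIX_WINDOW[1]
        # Assumption: anything below the fixed release 7.14 is treated as unpatched.
        if in_window and version_tuple(dev.firmware) < version_tuple("7.14"):
            findings.append("CVE-2023-1834: Telnet/FTP open by default; update to firmware 7.14")
    elif dev.product == "PanelView 800" and dev.email_feature_enabled:
        findings.append("WolfSSL heap overflow reachable: disable email feature or patch")
    return findings

def port_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """Plain TCP connect check; swap in a different probe for offline use."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def exposed_services(dev: Device, probe: Callable[[str, int], bool] = port_open) -> List[int]:
    """List of Telnet/FTP ports (23/21) the probe reports as reachable on the device."""
    return [p for p in (21, 23) if probe(dev.host, p)]

# Constructed sample inventory (not real assets).
SAMPLE_INVENTORY = [
    Device("10.0.10.5", "Kinetix 5500", "7.13", date(2022, 8, 15)),
    Device("10.0.10.6", "Kinetix 5500", "7.14", date(2022, 8, 15)),
    Device("10.0.10.7", "Kinetix 5500", "7.13", date(2021, 3, 1)),
    Device("10.0.20.3", "PanelView 800", "2.0", email_feature_enabled=True),
    Device("10.0.20.4", "PanelView 800", "2.0"),
]

def triage_inventory(devices: List[Device]) -> Dict[str, List[str]]:
    return {d.host: triage(d) for d in devices if triage(d)}
```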
