Connect with us

Hi, what are you looking for?



Organizations Informed of Over a Dozen Vulnerabilities in Rockwell Automation Products

Rockwell Automation customers have been informed about potentially serious vulnerabilities in several products, shortly after news of an investigation into the firm’s China operations.

Rockwell Automation cybersecurity

Rockwell Automation customers have been informed this week about potentially serious vulnerabilities found and patched in several products. The timing coincides with reports of an investigation conducted by the US into the potential cyber risks associated with the automation giant’s operations in China.

Rockwell Automation published six new security advisories this week (registration required) and four of them have also been distributed by the US Cybersecurity and Infrastructure Security Agency (CISA). The advisories describe a total of more than a dozen vulnerabilities. 

One advisory warns organizations that Kinetix 5500 industrial control routers manufactured between May 2022 and January 2023 — specifically devices running firmware version 7.13 — have Telnet and FTP ports open by default, which could allow hackers to access the device. This critical vulnerability is tracked as CVE-2023-1834 and it has been patched with the release of firmware version 7.14. 

Two critical flaws have been found in Rockwell Automation’s PanelView 800 graphics terminals. The security holes are related to the WolfSSL component and they could lead to a heap buffer overflow, but devices are only impacted if the email feature is enabled in the project file — the feature is disabled by default.

Three high-severity buffer overflows, which can allow an attacker to commit or execute unauthorized code, have been found in the Arena event simulation and automation software.

The company’s ThinManager software management platform is affected by an issue related to ciphers. A malicious actor could leverage the weakness to decrypt traffic between the client and server API.

One of the two advisories that were published by Rockwell but were not picked up by CISA describes a cross-site request forgery in FactoryTalk Vantagepoint. The flaw can be exploited to impersonate a legitimate user by getting the target to click on a malicious link. 

Advertisement. Scroll to continue reading.

The second advisory informs customers about 10 cross-site scripting (XSS) vulnerabilities in some ArmorStart ST distributed motor controllers that can be used to view and modify sensitive data in the web interface or make it unavailable. User interaction is required for exploitation.

Rockwell Automation’s advisories now include an entry for each vulnerability specifying whether the bug is included in CISA’s Known Exploited Vulnerabilities (KEV) catalog. None of the flaws described in the Thursday advisories are included. 

Earlier this week, The Wall Street Journal reported that several US government departments are investigating Rockwell’s operations at a facility in Dalian, China, where employees might have access to information that could be used to compromise the systems of the company’s customers.

There has been some concern that those employees could find vulnerabilities in Rockwell software and exploit them in zero-day attacks aimed at systems in the United States.

CISA has published over a dozen security advisories describing Rockwell Automation flaws in the past year. CISA’s advisories inform organizations about more than 30 vulnerabilities affecting Rockwell products, including many rated ‘critical’ or ‘high’.

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta

Related: New Vulnerabilities Allow Stuxnet-Style Attacks Against Rockwell PLCs

Related: Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers

Related: Flaws in Rockwell Automation Product Expose Engineering Workstations to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories.