Rockwell Automation has released patches for multiple vulnerabilities impacting its industrial control system (ICS) products, including Logix and CompactLogix controllers, RSLinx software, and the FactoryTalk suite. Key issues include:
- Three critical vulnerabilities in FactoryTalk Historian that allow authentication bypass and DoS attacks.
- A high-severity API authorization flaw in FactoryTalk Analytics PavilionX that enables unauthorized administrative actions.
- DoS vulnerabilities in various controllers that can lead to major faults requiring special recovery.
- A critical vulnerability in Flex I/O adapters allowing attackers to change web interface passwords.
- An old DoS vulnerability in RSLinx that has now been patched.

Although these vulnerabilities have been addressed, none have been reported as targeted by attackers recently. CISA has shared advisories, but not for FactoryTalk Historian.