Rockwell Automation informed customers on Tuesday that patches are available for several vulnerabilities affecting its Logix and CompactLogix controllers, Flex I/O dual-port Ethernet/IP adapters, RSLinx industrial communication software, and FactoryTalk automation suite.
In FactoryTalk Historian Site Edition the industrial giant patched three high- and critical-severity vulnerabilities that can be exploited to bypass authentication and launch DoS attacks.
The company told customers that its FactoryTalk Analytics PavilionX product is affected by a high-severity improper API authorization issue that “can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions”.
In some of its CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix controllers, the vendor fixed a high-severity DoS vulnerability that can cause a major, non-recoverable fault requiring a special recovery program. Some CompactLogix controllers are also affected by two other DoS issues.
Flex I/O dual-port Ethernet/IP adapters are affected by a DoS flaw and a critical vulnerability that can be exploited by an unauthenticated attacker to change a device’s web interface password, which could lead to unauthorized access and account takeover.









