Rockwell Automation has released patches for multiple vulnerabilities affecting Logix and CompactLogix controllers, Flex I/O dual-port EtherNet/IP adapters, RSLinx, and the FactoryTalk suite. The issues include authentication bypass, privilege escalation, unauthorized password changes, and denial-of-service flaws. The company says none of the newly patched bugs have been exploited in the wild.
#RockwellAutomation #FactoryTalk #Logix #CompactLogix #FlexI/O #RSLinx #FactoryTalkHistorianSiteEdition #FactoryTalkAnalyticsPavilionX #CVE-2021-22681
Key points
- Rockwell Automation released fixes for several ICS product vulnerabilities.
- FactoryTalk Historian Site Edition had high- and critical-severity flaws that could allow authentication bypass and DoS attacks.
- FactoryTalk Analytics PavilionX was affected by improper API authorization allowing privileged operations.
- Some Logix and CompactLogix controllers had DoS bugs that could cause major non-recoverable faults.
- Flex I/O adapters and RSLinx also received patches for password takeover and denial-of-service issues.