Critical Rockwell Controller Flaw Exploited in Global Attacks
The Israel National Cyber Directorate (INCD) has issued a warning regarding the active exploitation of a critical vulnerability affecting specific Rockwell Automation controller series. This flaw, originally identified in 2021, is now being leveraged by threat actors worldwide to compromise industrial control systems.
Rockwell Automation has not released a security update for this specific vulnerability. Their current recommendation is to operate the affected controllers in "Run Mode" to prevent unauthorized configuration changes. The INCD strongly advises limiting access to these controllers, ensuring only necessary business-related IP addresses can connect. Furthermore, it is crucial to verify that direct internet access to these controllers is strictly prohibited.
What This Means For You
- Immediately review and restrict network access to all Rockwell Automation controllers, ensuring only essential internal systems can communicate with them and blocking any direct internet exposure.
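
As an added example (not from the INCD advisory or Rockwell Automation), the Python sketch below audits exported firewall or flow records for permitted connections to controller addresses from sources outside the allowlist. The controller addresses, allowlist, site ranges, CSV layout and sample records are all constructed assumptions.

```python
import csv
import ipaddress
from io import StringIO

# All values below are constructed for illustration (assumptions, not from the advisory).
CONTROLLERS = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}
ALLOWLIST = [ipaddress.ip_network("10.20.1.0/28")]    # hosts with a business need
SITE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]  # address space the site owns

# Constructed flow export; 44818/tcp is the EtherNet/IP explicit-messaging port.
SAMPLE_FLOWS = """\
time,src,dst,dport,action
2024-01-01T08:00:00Z,10.20.1.5,10.20.0.11,44818,ALLOW
2024-01-01T08:01:10Z,10.50.3.9,10.20.0.11,44818,ALLOW
2024-01-01T08:02:30Z,198.51.100.23,10.20.0.12,44818,ALLOW
2024-01-01T08:03:00Z,198.51.100.23,10.20.0.11,44818,DENY
2024-01-01T08:04:00Z,10.50.3.9,10.30.0.7,443,ALLOW
"""

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def audit_flows(flow_csv):
    """Return (reason, src, dst) for each permitted flow that violates the policy."""
    findings = []
    for row in csv.DictReader(StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
        except ValueError:
            # Surface malformed records instead of silently skipping them.
            findings.append(("unparseable", row["src"], row["dst"]))
            continue
        # Only traffic that was actually permitted to a controller matters here.
        if dst not in CONTROLLERS or (row["action"] or "").upper() != "ALLOW":
            continue
        if _in_any(src, ALLOWLIST):
            continue
        # Sources outside the site's own ranges indicate internet exposure.
        reason = "not-allowlisted" if _in_any(src, SITE_NETWORKS) else "external-source"
        findings.append((reason, str(src), str(dst)))
    return findings

if __name__ == "__main__":
    for reason, src, dst in audit_flows(SAMPLE_FLOWS):
        print(f"{reason}: {src} -> {dst}")
```

Any `external-source` finding means a controller was reachable from outside the site's own address space and should be treated as the higher-priority item.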
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| INCD Advisory | Auth Bypass | Rockwell Automation controller series |
| INCD Advisory | Configuration Change | Rockwell Automation controller series |