Critical Rockwell Controller Flaw Exploited in Global Attacks
The Israel National Cyber Directorate (INCD) has issued a warning regarding the active exploitation of a critical vulnerability affecting specific Rockwell Automation controller series. This flaw, originally identified in 2021, is now being leveraged by threat actors worldwide to compromise industrial control systems.
Rockwell Automation has not released a security update for this specific vulnerability. Their current recommendation is to operate the affected controllers in “Run Mode” to prevent unauthorized configuration changes. The INCD strongly advises limiting access to these controllers, ensuring only necessary business-related IP addresses can connect. Furthermore, it is crucial to verify that direct internet access to these controllers is strictly prohibited.
What This Means For You
- Immediately review and restrict network access to all Rockwell Automation controllers, ensuring only essential internal systems can communicate with them and blocking any direct internet exposure.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| INCD Advisory | Auth Bypass | Rockwell Automation controller series |
| INCD Advisory | Configuration Change | Rockwell Automation controller series |
Source & Attribution
| Source Platform | INCD |
| Channel | Israel National Cyber Directorate |
| Published | March 11, 2026 at 14:00 UTC |
| Original Link | https://www.gov.il/he/pages/alert_1975 |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.