Content Hub!
Access free educational content.

Rockwell Reveals 10 Vulnerabilities in 3 Popular Products

Users are urged to implement best practices to mitigate the potential risks with FactoryTalk, PowerFlex and Arena Simulation.

Sean Riley
Apr 3, 2024
Company issues three security advisories highlighting 10 vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation products
Company issues three security advisories highlighting 10 vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation products

Rockwell Automation recently issued three security advisories highlighting 10 vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation products. The US Cybersecurity and Infrastructure Security Agency (CISA) has also echoed these advisories to inform organizations about the identified vulnerabilities within the industrial automation company's offerings.

Among the disclosed vulnerabilities, one advisory focused on six flaws within the Arena Simulation software. These included five high-severity arbitrary code execution vulnerabilities and one medium-severity information disclosure and denial-of-service (DoS) issue. Each vulnerability necessitates the user to open a malicious file to exploit it. Rockwell Automation credited the discovery of these vulnerabilities to ICS cybersecurity researcher Michael Heinzl, who is recognized for reporting critical vulnerabilities that often involve manipulating specifically crafted files. Heinzl's advisories elaborated on the exploitation methods involving customized DOE files reported to the vendor through CISA in November 2023.

In another advisory, Rockwell Automation addressed three high-severity vulnerabilities in its PowerFlex product, which are susceptible to DoS attacks. While patches for these vulnerabilities are pending, the vendor recommends customers implement mitigations and adhere to security best practices to mitigate the risk.

The third advisory highlighted a medium-severity security issue identified during internal testing of the FactoryTalk View ME product. Updates have been released to address this vulnerability, which could allow a malicious user to remotely restart the PanelView Plus 7 terminal without security safeguards, resulting in loss of control or visibility over the PanelView product.

“A vulnerability exists in the affected product that allows a malicious user to restart the PanelView Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView product,” the company explained.         

Related Stories
About 77% of surveyed end-users say malware is a top concern for remote services technology.
Business Intelligence
Cybersecurity Concerns Hinder Investment in Remote Services Technology
The overall global packaging machinery market is on the rise, with a predicted 2023-2027 gain of around $10.1 billion.
Business Intelligence
Asia Pacific Set to Continue Packaging Machinery Market Lead Through 2027
Pages From 2023 World Packaging Machinery Executive Summary
Business Intelligence
PMMI's 2024 World Packaging Machinery Webinar
The pharma sector holds the highest production expansion investment levels in 2023, with several large manufacturers announcing investments in the billions.
Business Intelligence
End User Sectors Vary in U.S. Packaging Machinery Purchase Trends
Top Stories
Cloud data storage can act as a backup for disaster recovery.
Business Intelligence
Data and Analytics Management Varies Across Companies
Methods of data management across the packaging and processing industry vary greatly, but one major trend with some controversy is the move toward cloud storage.
Measures cover the full life cycle of packaging and will lead to less packaging, less waste, and restrictions on certain packaging formats
Home
New EU Rules Adopted to Reduce, Reuse and Recycle Packaging
Harnessing The Power Of Ai
Webinars
Harnessing the Power of AI
OEMs can use remote services to solve many issues without the need to travel to end-users' plants, but some problems still require in-person assistance.
Business Intelligence
Practical Applications for the Future of Remote Services
Pack Expo
PACK EXPO
Registration Is Open for PACK EXPO International 2024
How to Honor a Leader
Induction into the Packaging & Processing Hall of Fame is the highest honor in our industry. Submit your leader to be considered for the Class of 2024 now through June 10th. New members will be inducted at PACK EXPO International in Chicago.
Read More
How to Honor a Leader
Test Your Cyber Security Smarts
Take OEM's cyber security quiz to prove your knowledge!
Read More
Test Your Cyber Security Smarts
Products
Marshalling Terminal Blocks Weidmuller Usa
DCS Marshalling Terminal Blocks
Weidmuller's Klippon® Connect W2C and W2T ranges offer last-minute design changes, efficient testing, and user-friendly features for complex automation applications.
Compliant Controller
HMI Systems for Industrial Automation
More Products
In Print
OEM Magazine Spring OEM 2024
Spring OEM 2024
OEM Magazine Winter OEM 2023
Winter OEM 2023
OEM Magazine Fall 2023 OEM + OEM Insider
Fall 2023 OEM + OEM Insider
OEM Magazine Summer 2023 OEM
Summer 2023 OEM
SubscribeArchives
Downloads
View more »
Oem 2022 Digitalization Base Hero
Software
The Digitalization Effect
Oem 2022 Cybersecurity Base Hero
Safety
OEM News Roundup: Cybersecurity
Oem Top2021 Base Hero
Home
OEM's Most Popular Articles
Oem Covid News 2020 Base Hero
Home
OEM's Take on COVID-19
View more »