Rockwell Automation, a major provider of industrial control systems (ICS), has issued an urgent warning to its customers, urging them to immediately disconnect all ICSs not designed for exposure to the public Internet. The company cites increasing malicious activity worldwide as the reason for this recommendation. By taking the recommended action, organizations can significantly reduce their attack surface and protect their critical infrastructure from cyber threats.
Rockwell Automation was established in 1928 and is headquartered in Milwaukee, Wisconsin. Its business spans Architecture and Software segments, which control customers’ industrial processes, and Industrial Control Product Solution segments, which cover intelligent motor control, industrial control products, application expertise, and project management capabilities.
Rockwell Automation Discourages Remote Connections of ICSs Outside of Local Network
In its latest security advisory, Rockwell Automation stressed that network defenders should never configure ICS devices to allow remote connections from systems outside the local network. It advised organizations that disconnecting these systems from the public-facing internet could significantly reduce their attack surface. This action prevents threat actors from gaining direct access to vulnerable systems that may not yet have been patched against security vulnerabilities, thus protecting internal networks from potential breaches.
In addition to disconnecting devices not designed for internet exposure, Rockwell Automation has cautioned customers to implement the necessary mitigation measures against several security vulnerabilities impacting its ICS devices. These vulnerabilities span various Rockwell products, including Logix Controllers, Studio 5000 Logix Designer, and FactoryTalk platforms, and are listed under the following CVE IDs:
- CVE-2021-22681: Rockwell Automation Logix Controllers (Update A)
- CVE-2022-1159: Rockwell Automation Studio 5000 Logix Designer
- CVE-2023-3595: Rockwell Automation Select Communication Modules
- CVE-2023-46290: Rockwell Automation FactoryTalk Services Platform
- CVE-2024-21914: Rockwell Automation FactoryTalk View ME
- CVE-2024-21915: Rockwell Automation FactoryTalk Service Platform
- CVE-2024-21917: Rockwell Automation FactoryTalk Service Platform
“Due to heightened geopolitical tensions and increased adversarial cyber activity globally, Rockwell Automation is issuing this notice urging all customers to take immediate action to assess whether they have devices facing the public internet and, if so, to urgently remove that connectivity for devices not specifically designed for public internet connectivity,” Rockwell stated.
Broader Efforts and Mitigation Actions for ICS Security
Along with the security advisory issued by Rockwell Automation, the Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert advising Rockwell customers to implement the security measures.
Earlier, in September 2022, the agency and the NSA issued recommendations and a how-to guide for reducing exposure across industrial control systems and related operational technologies. The urgency of enhancing ICS security is further highlighted by the collaborative efforts of multiple U.S. federal agencies, including the NSA, FBI, and CISA, along with cybersecurity agencies from Canada and the U.K.
These agencies have previously issued various public statements about the threats posed by hacktivists targeting critical infrastructure operations by exploiting unsecured OT systems.
CISA earlier recommended defensive measures on industrial control systems such as minimizing network exposure, isolating control system networks, and securing remote access through the implementation of Virtual Private Networks (VPNs).
The present administration also issued the 2021 national security memorandum instructing CISA and NIST to develop cybersecurity performance goals for critical infrastructure operators as part of the broader initiatives in recent years to secure critical infrastructure within the United States.