Rockwell Automation Urged Customers to Keep ICS Away from the Internet
22 May 2024 at 03:04
Rockwell Automation has urged customers to immediately disconnect all industrial control systems facing the public Internet. The company cites increasing malicious activity amid mounting geopolitical tensions worldwide as the reason for this recommendation.
The company advised customers to disconnect devices not specifically meant to face the public internet such as its cloud and edge offerings. Air gapping ICS systems from the public-facing internet can significantly reduce the attack surface of the organizations and protect their critical infrastructure from cyber threats, an advisory from the company suggested.
Rockwell Automation is a major provider of ICS products that has been in business for nearly a decade. Headquartered in Milwaukee, Wisconsin, the industrial automation giant provides services for Architecture and Software segments meant for controlling the customer's industrial processes, as well as Industrial Control Product Solution segments such as intelligent motor control, industrial control products, application expertise, and project management capabilities.
"Due to heightened geopolitical tensions and increased adversarial cyber activity globally, Rockwell Automation is issuing this notice urging all customers to take immediate action to assess whether they have devices facing the public internet and, if so, to urgently remove that connectivity for devices not specifically designed for public internet connectivity," Rockwell Automation stated.
Rockwell Automation Discourages Remote Connections to ICS
In its latest security advisory, Rockwell Automation stressed that network defenders should never configure ICS devices to allow remote connections from systems outside the local network. It advised organizations that disconnecting these systems from the public-facing internet could significantly reduce their attack surface. This action prevents threat actors from gaining direct access to vulnerable systems that may not yet have been patched against security vulnerabilities, thus protecting internal networks from potential breaches.
Rockwell Automation has also cautioned customers to implement necessary mitigation measures against several security vulnerabilities in its ICS devices. These vulnerabilities, identified by their CVE IDs, span across several Rockwell products like Logix Controllers, Studio 5000 Logix Designer, and FactoryTalk platforms. The list of these vulnerabilities is as follows:
- CVE-2021-22681: Rockwell Automation Logix Controllers (Update A)
- CVE-2022-1159: Rockwell Automation Studio 5000 Logix Designer
- CVE-2023-3595: Rockwell Automation Select Communication Modules
- CVE-2023-46290: Rockwell Automation FactoryTalk Services Platform
- CVE-2024-21914: Rockwell Automation FactoryTalk View ME
- CVE-2024-21915: Rockwell Automation FactoryTalk Service Platform
- CVE-2024-21917: Rockwell Automation FactoryTalk Service Platform
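The advisory asks customers to assess which devices are reachable from the public internet. The following is an added example, not code from Rockwell Automation or the advisory: it checks an asset inventory and a set of inbound forwarding rules against internal address ranges and attaches the CVE IDs listed above to each exposed asset. The inventory, rule format, host names and addresses are constructed sample data, and treating RFC 1918 ranges as "local" is an assumption.

```python
import ipaddress

# Assumption: RFC 1918 ranges are the "local network"; adjust to the site's plan.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Product -> CVE IDs, copied from the list in this article (spellings as listed).
ADVISORIES = {
    "Logix Controllers": ["CVE-2021-22681"],
    "Studio 5000 Logix Designer": ["CVE-2022-1159"],
    "Select Communication Modules": ["CVE-2023-3595"],
    "FactoryTalk Services Platform": ["CVE-2023-46290"],
    "FactoryTalk View ME": ["CVE-2024-21914"],
    "FactoryTalk Service Platform": ["CVE-2024-21915", "CVE-2024-21917"],
}

# Constructed sample data: asset inventory and inbound NAT / port-forward rules.
INVENTORY = [
    {"name": "plc-line1", "ip": "10.20.1.10", "product": "Logix Controllers"},
    {"name": "hmi-pack2", "ip": "10.20.1.30", "product": "FactoryTalk View ME"},
    {"name": "comm-mod7", "ip": "203.0.113.45", "product": "Select Communication Modules"},
    {"name": "eng-ws1", "ip": "10.20.5.5", "product": "Studio 5000 Logix Designer"},
]
FORWARD_RULES = [
    {"src": "0.0.0.0/0", "dst": "10.20.1.10"},        # any source to a PLC
    {"src": "10.50.0.0/16", "dst": "10.20.1.30"},     # internal source only
    {"src": "198.51.100.0/24", "dst": "10.20.5.5"},   # external address range
]

def is_internal(net):
    """True only if the whole network lies inside one internal range."""
    return any(net.subnet_of(rng) for rng in INTERNAL)

def exposure_report(inventory, rules):
    """Return one finding per asset reachable from outside the internal ranges."""
    findings = []
    for asset in inventory:
        reasons = []
        if not is_internal(ipaddress.ip_network(asset["ip"])):
            reasons.append("public address on device")
        for rule in rules:
            src = ipaddress.ip_network(rule["src"])
            if rule["dst"] == asset["ip"] and not is_internal(src):
                reasons.append("forward rule from " + rule["src"])
        if reasons:
            findings.append({"name": asset["name"], "reasons": reasons,
                             "cves": ADVISORIES.get(asset["product"], [])})
    return findings
```

Each finding names the connectivity to remove and the advisory to review for that product; an empty `cves` list means only that the product is not in the list above.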