Security News > 2020 > March > Critical Bugs in Rockwell, Johnson Controls ICS Gear
Security vulnerabilities that require very little skill to exploit have been discovered in industrial control systems gear from Rockwell Automation and Johnson Controls, which anchor a flurry of bug disclosures impacting critical infrastructure.
First, a set of critical vulnerabilities in Rockwell Automation gear affect MicroLogix 1400 Controllers, MicroLogix 1100 Controllers and RSLogix 500 Software.
Users of MicroLogix 1400 series B controllers and RSLogix 500 software can update to the latest version to mitigate the issues; but, Rockwell Automation said that there are no mitigations for MicroLogix 1400 series A controllers or MicroLogix 1100 controllers.
The other critical ICS vulnerability disclosed this week exists in Johnson Controls' Kantech EntraPass product, which is a physical security door platform used for access control at industrial environments.
All Corporate Edition versions prior to v8.10 and all Global Edition versions prior to v8.10 are affected by the bug, which was discovered by Johnson Controls' internal security team.