Security News > 2021 > June > Flaws in Rockwell Software Impact Products From Schneider Electric, GE and Others
Several vulnerabilities discovered by Kaspersky researchers in Rockwell Automation software impact industrial products from Schneider Electric, GE and other vendors.
The security holes were identified by Kaspersky researchers in Rockwell Automation's ISaGRAF, which is designed for the development of automation products.
In an advisory published this week, Rockwell Automation said the vulnerabilities impact its AADvance control system, ISaGRAF Runtime and ISaGRAF6 Workbench tools, and Micro800 controllers.
In its own advisory released this week, Schneider Electric said several of its industrial automation products use ISaGRAF Runtime and ISaGRAF6 Workbench, including Easergy, MiCOM, PACiS, EPAS, Saitel, SCADAPack, SCD2200 and SAGE products - many of these are remote terminal units.
"ISaGRAF Workbench is used to program applications for embedded devices using IEC 61131-3 languages, and may be incorporated into larger programming and configuration tools. The ISaGRAF Runtime module executes the process control code created in ISaGRAF Workbench on embedded devices," Schneider Electric explained in its advisory.
While Schneider, Rockwell and GE have taken steps to address these vulnerabilities, Kaspersky told SecurityWeek that it cannot name the other vendors as they have yet to release patches for their products.