Security News

A critical, easy to exploit vulnerability may allow attackers to remotely connect to a number of Rockwell Automation's programmable logic controllers and to install new firmware, alter the device's configuration, and so on. Rockwell Automation's PLCs are used around the world to control industrial equipment.

Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers made by industrial automation giant Rockwell Automation. The vulnerability, tracked as CVE-2021-22681 with a CVSS score of 10, was independently reported to Rockwell by researchers at the Soonchunhyang University in South Korea, Kaspersky, and industrial cybersecurity firm Claroty.

Researchers have discovered vulnerabilities that expose Rockwell Automation's FactoryTalk Linx and RSLinx Classic products to denial-of-service attacks. According to an advisory published by Rockwell late last month, researchers from cybersecurity firm Tenable discovered a total of four DoS vulnerabilities, three affecting FactoryTalk Linx and one impacting the FactoryTalk Services Platform.

Vulnerabilities discovered by researchers in Rockwell Automation's FactoryTalk Linx product can allow attackers to compromise engineering workstations in industrial environments. FactoryTalk Linx, formerly known as RSLinx Enterprise, is a widely used product designed for connecting Allen Bradley programmable logic controllers to Rockwell applications, including for programming, data acquisition and HMI interaction.

Rockwell Automation announced the release of new industrial PCs and software to markedly improve the reliability and security of visualization applications. The new industrial Allen-Bradley VersaView 6300 PCs and thin clients combine with FactoryTalk View human-machine interface software and ThinManager thin-client management software to create a complete visualization system.

Rockwell Automation released the PlantPAx 5.0 distributed control system. This latest DCS version from Rockwell Automation helps industrial producers positively impact the lifecycle of their plant operations with plant-wide and scalable systems to drive digital transformation and operational excellence.

Industrial automation giant Rockwell Automation on Friday announced the acquisition of Oylo, a cybersecurity company based in Spain. Founded in 2017, Oylo has been offering solutions for industrial control systems and IoT security, business continuity and resilience, and critical infrastructure and critical business process protection.

Rockwell Automation announced that it has acquired Oylo, a privately-held industrial cybersecurity services provider based in Barcelona, Spain. Oylo is dedicated to providing a broad range of industrial control system cybersecurity services and solutions including assessments, turnkey implementations, managed services and incident response.

PTC and Rockwell Automation announced Factory Insights as a Service, a turnkey cloud solution that enables manufacturers to achieve unprecedented impact, speed, and scale with their digital transformation initiatives. Factory Insights as a Service includes many of the key product components of PTC and Rockwell Automation's FactoryTalk InnovationSuite, including PTC's industry-leading ThingWorx, Kepware, and Vuforia products, optimized for OT data coming from Rockwell Automation's best-in-class automation and information offerings.

Rockwell Automation recently patched two vulnerabilities related to EDS files that can allow malicious actors to expand their access within a targeted organization's OT network. Claroty researchers discovered that attackers could create special EDS files that would allow them to cause a denial-of-service condition or to inject SQL queries in an effort to write or manipulate files on the system.