Rockwell Automation has sent an urgent message to all of its customers because of rising geopolitical issues and hostile cyber activity worldwide.
The company is asking that any devices currently connected to the public internet be checked out immediately and shut down if they aren’t meant to do so.
This proactive step is meant to lower the attack surface and lower the risk of harmful cyber activity from outside threat actors who are not allowed to do so.
Rockwell Automation stresses that devices like cloud and edge offerings not made to connect to the public internet should never be set up to connect straight to the public internet.
By cutting off this connection, users can make themselves much less vulnerable to online threats.
Guidance and Resources for Enhanced Cybersecurity
Rockwell Automation and the Cybersecurity and Infrastructure Security Agency (CISA) have provided several resources to assist customers in identifying and disconnecting exposed assets, these include:
- Rockwell Automation | Advisory on web search tools that identify ICS devices and systems connected to the Internet [login required]
- CISA | NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems
- CISA | How-to Guide: Stuff Off Shodan
These documents offer detailed information on identifying assets exposed to the public internet and the steps necessary to disconnect them.
In cases where disconnection is not feasible, Rockwell Automation strongly advises customers to follow the security best practices outlined in their document; adhering to these guidelines can help bolster defenses against potential cyber threats.
As the global cyber threat landscape continues to evolve, Rockwell Automation’s advisory serves as a critical reminder of the importance of robust cybersecurity measures.
Customers can play a crucial role in safeguarding their operations against malicious cyber activities by taking immediate action to secure their devices.
Customers should be aware of the following linked CVEs and ensure that mitigations are in place, if possible.
| CVE No. | Alert Code (ICSA) | Advisory Name and Link, URL |
| 2021-22681 | 21-056-03 | CISA | Rockwell Automation Logix Controllers (Update A) |
| 2022-1159 | 22-090-07 | CISA | Rockwell Automation Studio 5000 Logix Designer |
| 2023-3595 | 23-193-01 | CISA | Rockwell Automation Select Communication Modules |
| 2023-46290 | 23-299-06 | CISA | Rockwell Automation FactoryTalk Services Platform |
| 2024-21914 | 24-086-04 | CISA | Rockwell Automation FactoryTalk View ME |
| 2024-21915 | 24-046-16 | CISA | Rockwell Automation FactoryTalk Service Platform |
| 2024-21917 | 24-030-06 | CISA | Rockwell Automation FactoryTalk Service Platform |
Source: https://bit.ly/3uS5LZ2