Rockwell Automation’s Vulnerability Patch-a-palooza: Critical Flaws Fixed!

Rockwell Automation patches critical vulnerabilities in its FactoryTalk software, including a remote command execution bug. DataMosaix also gets a fix for a SQLite flaw. While no wild exploits are reported, organizations should act fast—because hackers love industrial automation systems as much as we love Wi-Fi at a coffee shop.


Hot Take:

Looks like Rockwell Automation is doing a spring cleaning in autumn! With a slew of vulnerabilities patched, their systems have more holes than Swiss cheese, but at least they’re plugging them faster than a toddler can find a mud puddle!

Key Points:

  • Rockwell Automation released six new security advisories for critical and high-severity vulnerabilities.
  • FactoryTalk View Machine Edition had one critical and one high-severity issue patched.
  • DataMosaix Private Cloud had a critical SQLite vulnerability and a high-severity path traversal issue resolved.
  • Additional fixes include a DoS vulnerability in the ICE2 controller and a credential exposure in PowerFlex 755.
  • No evidence of exploitation in the wild, but CISA has issued advisories for these vulnerabilities.

The Nimble Nerd