Rockwell Automation warns admins to take ICS devices offline
Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide.
Network defenders should never configure such devices to allow remote connections from systems outside the local network. By taking them offline, they can drastically reduce their organizations' attack surface.
This ensures that threat actors no longer have direct access to systems that may not yet be patched against security vulnerabilities that would allow attackers to gain access to their targets' internal networks.
"Due to heightened geopolitical tensions and adversarial cyber activity globally, Rockwell Automation is issuing this notice urging all customers to take IMMEDIATE action to assess whether they have devices facing the public internet and, if so, urgently remove that connectivity for devices not specifically designed for public internet connectivity," Rockwell said.
"Removing that connectivity as a proactive step reduces attack surface and can immediately reduce exposure to unauthorized and malicious cyber activity from external threat actors."
Rockwell also cautioned customers to take the mitigation measures required to secure their devices against the following security vulnerabilities impacting Rockwell ICS devices.
CVE ID | Advisory
CVE-2021-22681 | CISA: Rockwell Automation Logix Controllers (Update A)
CVE-2022-1159 | CISA: Rockwell Automation Studio 5000 Logix Designer
CVE-2023-3595 | CISA: Rockwell Automation Select Communication Modules
CVE-2023-46290 | CISA: Rockwell Automation FactoryTalk Services Platform
CVE-2024-21914 | CISA: Rockwell Automation FactoryTalk View ME
CVE-2024-21915 | CISA: Rockwell Automation FactoryTalk Service Platform
CVE-2024-21917 | CISA: Rockwell Automation FactoryTalk Service Platform
Today, CISA also issued an alert regarding Rockwell Automation's new guidance to reduce ICS device exposure to cyberattacks.
In September 2022, the National Security Agency (NSA) and CISA published a joint advisory on securing operational technology (OT) devices and industrial control systems (ICS) against attacks.
Previously, they released guidance on stopping malicious attacks targeting OT control systems (2021) and defending Internet-exposed OT assets (2020).
These advisories built upon several initiatives spearheaded by the Biden administration, including a July 2021 national security memorandum instructing CISA and NIST to develop cybersecurity performance goals and guidance for critical infrastructure operators to help strengthen U.S. critical infrastructure security.
Earlier this month, multiple U.S. federal agencies, including the NSA, FBI, CISA, and cybersecurity agencies from Canada and the U.K., warned of pro-Russian hacktivists disrupting critical infrastructure operations by hacking into unsecured operational technology (OT) systems.
One of these groups, the Cyber Army of Russia, was linked by Mandiant to Sandworm, a hacking group that is part of Russia's Main Intelligence Directorate (GRU), the country's foreign military intelligence agency.
source: BleepingComputer