The Cybersecurity & Infrastructure Security Agency (CISA) issued ICS Advisory 21-056-03 on February 25, regarding Rockwell Automation Logix controllers and software. Rockwell Automation says it has taken proactive steps in conjunction with the CISA to mitigate any risks.
The risk evaluation cites that successful exploitation of insufficiently protected credentials could allow a remote unauthenticated attacker to bypass the verification mechanism and connect with Logix controllers. Additionally, this vulnerability could enable an unauthorized third-party tool to alter the controller’s configuration and/or application code.
