ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories

Several industrial control systems (ICS) giants have published new security advisories this Patch Tuesday, including Rockwell Automation, Siemens, Schneider Electric, and Phoenix Contact.

Rockwell fixed a sensitive data exposure issue in FactoryTalk Analytics LogixAI and addressed DoS and code execution issues in ControlLogix controllers. It also resolved a remote code execution vulnerability in Stratix (Cisco) devices, a memory corruption issue in 1783-NATR, an SSRF issue in Automation ThinManager, and a remote code execution flaw in FactoryTalk Optix, along with a data exposure issue in FactoryTalk Activation Manager.

Additionally, a critical-severity vulnerability affects Siemens’ User Management Component (UMC); it can be exploited for unauthenticated remote code execution or DoS attacks.

Germany’s CERT@VDE agency published seven new advisories this week, including one for a critical vulnerability in a Wago controller that can be exploited without authentication for DoS attacks and to weaken credentials, leading to default credentials being applied to the device.

To read the complete article, see: https://www.securityweek.com/ics-patch-tuesday-rockwell-automation-leads-with-8-security-advisories/

This post is licensed under CC BY 4.0 by the author.