Rockwell Automation Allen-Bradley PowerMonitor 1000 (Update A) (ICSA-19-050-04)

September 5, 2019

The NCCIC has updated this advisory with additional details on the mitigation measures. Read the advisory at CISA.

February 19, 2019

The NCCIC has published an advisory on a cross-site scripting and authentication bypass vulnerability in Rockwell Automation Allen-Bradley PowerMonitor 1000. All versions are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to affect the confidentiality, integrity, and availability of the device. Rockwell Automation is currently working on mitigations and reports that CheckPoint Software Technologies has released IPS rules to detect attempts to exploit the vulnerability. The NCCIC also advises on a series of mitigating measures for these vulnerabilities. Read the advisory at NCCIC/ICS-CERT.