Rockwell Automation FactoryTalk Linx Software (Update A) (ICSA-20-163-02) – Products Used in the Water and Wastewater and Energy Sectors

July 9, 2020

CISA has updated this advisory with details on the affected products. Read the advisory at CISA.

June 11, 2020

CISA has published an advisory on improper input validation, path traversal, and unrestricted upload of file with dangerous type vulnerabilities in Rockwell Automation FactoryTalk Linx Software. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, obtain remote code execution, and read sensitive information. Rockwell Automation recommends users apply patches by following instructions in knowledgebase articles as well as implementing a series of measures to prevent exploitation. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.