May 24, 2018
The NCCIC has updated this advisory with additional details on mitigation measures. NCCIC/ICS-CERT.
May 10, 2018
The NCCIC has released an advisory on a vulnerability in Rockwell Automation Arena. Versions 15.10.00 and prior are affected. Successful exploitation of this vulnerability could cause the software application to crash. Rockwell Automation encourages affected users to upgrade to the latest version of Arena software, 15.10.01 (or later). The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.
The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwell Automation Stratix Industrial Managed Ethernet Switch. Allen-Bradley Stratix 8300 Industrial Managed Ethernet Switches, versions 15.2(4a)EA5 and earlier, are affected. Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure. Rockwell Automation has released knowledge base article 1073315 and recommends implementing a series of mitigations.
The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwelll Automation Stratix and ArmorStratix Switches. Numerous versions of these products are affected. Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure. Rockwell Automation recommends users upgrade to FRN 15.2(6)E1 or later.
The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwelll Automation Stratix Services Router. Allen-Bradley Stratix 5900 Services Router, versions 15.6.3M1 and earlier, are affected. Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure.
The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwell Automation MicroLogix. MicroLogix 1400 versions FRN 21.003 and prior and MicroLogix 1100 versions FRN 16.00 and prior are affected. Successful exploitation of these vulnerabilities could cause denial of service, disclosure of sensitive information, communication loss, and modification of settings or ladder logic. Rockwell Automation has recommended a series of mitigation strategies for these vulnerabilities.
ICS-CERT has released an advisory on a Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers vulnerability. Multiple versions of this product are affected. Successful exploitation of this vulnerability could cause the device that the attacker is accessing to become unresponsive to Modbus TCP communications and affect the availability of the device. Rockwell Automation encourages affected users to upgrade to the latest version of available firmware, FRN 21.003. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
