Rockwell Automation patched several vulnerabilities in its ICS controllers and software products. FactoryTalk Historian Site Edition had three high- and critical-severity flaws enabling authentication bypass and DoS attacks. FactoryTalk Analytics PavilionX contained a high-severity improper API authorization vulnerability allowing unauthorized privileged operations. CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix controllers had a high-severity DoS vulnerability causing major faults, plus additional DoS issues in some CompactLogix models. Flex I/O dual-port Ethernet/IP adapters were affected by a DoS flaw and a critical vulnerability permitting unauthenticated attackers to change the device's web interface password, risking account takeover. RSLinx software had an old DoS vulnerability from a third-party component. Rockwell Automation and CISA have issued advisories, and patches are available. No in-the-wild exploitation of these new vulnerabilities has been observed, though an older vulnerability (CVE-2021-22681) was confirmed exploited previously.

The vulnerabilities could allow attackers to bypass authentication, perform denial-of-service attacks causing device faults and outages, execute unauthorized privileged operations including user and role management, and take over device accounts by changing passwords without authentication. These impacts could disrupt industrial automation processes and compromise control systems if exploited. However, no current exploitation of these newly patched vulnerabilities has been reported.

Patches are available from Rockwell Automation for all identified vulnerabilities affecting Logix, CompactLogix, Flex I/O adapters, RSLinx, and FactoryTalk products. Customers should apply these official fixes promptly to remediate the security issues. There is no indication that additional mitigation steps are required beyond applying the vendor-provided patches.