ICS maker Rockwell Automation calls on users to take steps to secure their equipment and reminds them that there is no reason to ever have its hardware connected to the public internet, as it tracks an increase in global threat activity.
American industrial control systems (ICS) specialist Rockwell Automation has urged users across the world to disconnect their equipment from the public-facing internet, citing geopolitical tensions and a dramatic increase in threat actor activity targeting its hardware through a number of known common vulnerabilities and exposures (CVEs).
The Milwaukee, Wisconsin-based firm’s warning is accompanied by an alert issued by the United States’ Cybersecurity and Infrastructure Security Agency (CISA), advising users to follow its advice.
“Rockwell Automation is issuing this notice urging all customers to take immediate action to assess whether they have devices facing the public internet and, if so, urgently remove that connectivity for devices not specifically designed for public internet connectivity,” the firm said.
“Consistent with Rockwell Automation’s guidance for all devices not specifically designed for public internet connectivity (for example, cloud and edge offerings), users should never configure their assets to be directly connected to the public-facing internet.
“Removing that connectivity as a proactive step reduces attack surface and can immediately reduce exposure to unauthorised and malicious cyber activity from external threat actors,” Rockwell added.
The organisation is also urging users to pay particular attention to remediating a series of seven known vulnerabilities in various products.
These flaws are CVE-2021-22681 in Logix Controllers; CVE-2022-1159 in Studio 5000 Logix Designer; CVE-2023-3595 in select communication modules; CVE-2023-46290 in FactoryTalk Services Platform; CVE-2023-21914 in FactoryTalk View ME; CVE-2024-21915 in FactoryTalk Services Platform; and CVE-2024-21917, also in FactoryTalk Services Platform. Details of these vulnerabilities are available in the linked advisory.
Ken Dunham, director of cyber threat at the Qualys Threat Research Unit (TRU), said: “The Rockwell Automation alert recommends immediate removal of any device that is currently installed with public Internet connectivity, for which it was not designed. This may seem like common sense, but all too often in a world of ‘Hello, it wor