IMPORTANT NOTICE: Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats
Due to heightened geopolitical tensions and adversarial cyber activity globally, Rockwell Automation is issuing this notice urging all customers to take IMMEDIATE action to assess whether they have devices facing the public internet and, if so, urgently remove that connectivity for devices not specifically designed for public internet connectivity.
Consistent with Rockwell Automation’s guidance for all devices not specifically designed for public internet connectivity (for example, cloud and edge offerings), users should never configure their assets to be directly connected to the public-facing internet. Removing that connectivity as a proactive step reduces attack surface and can immediately reduce exposure to unauthorized and malicious cyber activity from external threat actors.
More information on attacks on public-internet-exposed assets, including information on how to identify exposed assets and disconnect them from the public internet, is available in these documents from Rockwell Automation and CISA (Cybersecurity and Infrastructure Security Agency):
- Rockwell Automation | Advisory on web search tools that identify ICS devices and systems connected to the Internet [login required]
- CISA | NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems
- CISA | How-to Guide: Stuff Off Shodan
- Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity
In addition to disconnecting assets from the public internet or if disconnection is not feasible, Rockwell Automation also urges its customers to follow the security best practices outlined in this document: Rockwell Automation | Security Best Practices [login required].
Customers should be aware of the following related CVE’s and ensure mitigations are in place, where possible.
CVE No. |
Alert Code (ICSA) |
Advisory Name and Link, URL |
2021-22681 |
21-056-03 |
CISA | Rockwell Automation Logix Controllers (Update A) https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 |
2022-1159 |
22-090-07 |
CISA | Rockwell Automation Studio 5000 Logix Designer https://www.cisa.gov/news-events/ics-advisories/icsa-22-090-07 |
2023-3595 |
23-193-01 |
CISA | Rockwell Automation Select Communication Modules https://www.cisa.gov/news-events/ics-advisories/icsa-23-193-01 |
2023-46290 |
23-299-06 |
CISA | Rockwell Automation FactoryTalk Services Platform https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-06 |
2024-21914 |
24-086-04 |
CISA | Rockwell Automation FactoryTalk View ME https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-04 |
2024-21915 |
24-046-16 |
CISA | Rockwell Automation FactoryTalk Service Platform https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-16 |
2024-21917 |
24-030-06 |
CISA | Rockwell Automation FactoryTalk Service Platform https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-06 |
